Cross-Site Scripting in SonicWall Global Management System
CVE-2018-5691

5.4MEDIUM

Key Information:

Vendor
Sonicwall
Status
Analyzer
Global Management System
Vendor
CVE Published:
14 January 2018

Summary

The vulnerability in SonicWall Global Management System (GMS) 8.1 allows an attacker to exploit Cross-Site Scripting (XSS) via the 'newName' and 'Name' parameters of the /sgms/TreeControl module. This can potentially lead to unauthorized actions being executed in the context of the affected user's session, compromising the integrity and confidentiality of user data. Users are advised to implement suitable security measures to mitigate the risks associated with this vulnerability.

References

https://www.vulnerability-lab.com/get_content.php?id=1819
x_refsource_MISC
http://documents.software.dell.com/sonicwall-gms-os/8.2/r...
x_refsource_MISC
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-201...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.