2 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action. Vulnerabilidad de XSS en mainPage en Dell SonicWALL GMS anterior a 7.1 SP2, SonicWALL Analyzer anterior a 7.1 SP2 y SonicWALL UMA E5000 anterior a 7.1 SP2 podría permitir a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro node_id en una acción ScreenDisplayManager genNetwork. DELL SonicWALL Universal Management Suite version 7.x suffers from a cross site scripting vulnerability. • http://osvdb.org/103216 http://www.kb.cert.org/vuls/id/727318 http://www.securityfocus.com/bid/65498 http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/91062 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 5

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp. Múltiples vulnerabilidades XSS en ematStaticAlertTypes.jsp en la sección de ajustes de alertas en Dell SonicWALL Global Management System (GMS), Analyzer, y UMA EM5000 7.1 SP1 anterior al Hotfix 134235 permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML arbitrarias a través de los parámetros (1) valfield_1 o (2) value_1 a createNewThreshold.jsp. • https://www.exploit-db.com/exploits/30054 http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html http://osvdb.org/100610 http://seclists.org/fulldisclosure/2013/Dec/32 http://secunia.com/advisories/55923 http://www.exploit-db.com/exploits/30054 http://www.securityfocus.com/bid/64103 http://www.securitytracker.com/id/1029433 http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf http://www.vulnerability-lab.com/get_content.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •