CVE-2012-3848
Scrutinizer 9.0.1.19899 - Multiple Cross-Site Scripting Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.
Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la consola web en Plixer Scrutinizer (también conocido como Dell SonicWALL Scrutinizer), permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) la cadena de petición sobre d4d/exporters.php, (2) la cabecera HTTP Referer sobre d4d/exporters.php, o (3) entrada no especificada sobre d4d/contextMenu.php.
Scrutinizer NetFlow and sFlow Analyzer versions 9.0.1 and below suffer from bypass, cross site scripting, and remote file upload vulnerabilities. It also has undocumented MySQL admin users.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-07-06 CVE Reserved
- 2012-07-29 CVE Published
- 2012-07-30 First Exploit
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html | Broken Link |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/37547 | 2012-07-30 | |
| https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sonicwall Search vendor "Sonicwall" | Scrutinizer Search vendor "Sonicwall" for product "Scrutinizer" | < 9.5.0 Search vendor "Sonicwall" for product "Scrutinizer" and version " < 9.5.0" | - |
Affected
| ||||||