CVE-2018-5281
Severity Score
5.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.
SonicWall SonicOS en dispositivos Network Security Appliance (NSA) 2017 Q4 tiene Cross-Site Scripting (XSS) a través de las pantallas Cloud AV DB Exclusion Settings.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-01-08 CVE Reserved
- 2018-01-08 CVE Published
- 2023-08-04 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/102443 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.vulnerability-lab.com/get_content.php?id=1729 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0002 | 2022-06-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | * | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Nsa 250m Search vendor "Sonicwall" for product "Nsa 250m" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | * | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Nsa 2600 Search vendor "Sonicwall" for product "Nsa 2600" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | * | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Nsa 2650 Search vendor "Sonicwall" for product "Nsa 2650" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | * | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Nsa 3600 Search vendor "Sonicwall" for product "Nsa 3600" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | * | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Nsa 4600 Search vendor "Sonicwall" for product "Nsa 4600" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | * | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Nsa 5600 Search vendor "Sonicwall" for product "Nsa 5600" | - | - |
Safe
|
| Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | * | - |
Affected
| in | Sonicwall Search vendor "Sonicwall" | Nsa 6600 Search vendor "Sonicwall" for product "Nsa 6600" | - | - |
Safe
|