Vulnerability Description
Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonicwall | Analyzer | <= 7.2 |
| Sonicwall | Global Management System | <= 7.2 |
| Sonicwall | Uma Em5000 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/127575/SonicWALL-GMS-7.2-Build-7221.1701-CrExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2014/Jul/125ExploitMailing ListThird Party Advisory
- http://secunia.com/advisories/60287Third Party Advisory
- http://www.securityfocus.com/bid/68829ExploitThird Party AdvisoryVDB Entry
- https://support.software.dell.com/product-notification/128245Vendor Advisory
- http://packetstormsecurity.com/files/127575/SonicWALL-GMS-7.2-Build-7221.1701-CrExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2014/Jul/125ExploitMailing ListThird Party Advisory
- http://secunia.com/advisories/60287Third Party Advisory
- http://www.securityfocus.com/bid/68829ExploitThird Party AdvisoryVDB Entry
- https://support.software.dell.com/product-notification/128245Vendor Advisory
FAQ
What is CVE-2014-5024?
CVE-2014-5024 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id par...
How severe is CVE-2014-5024?
CVE-2014-5024 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5024?
Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Analyzer, Sonicwall Global Management System, Sonicwall Uma Em5000.