Vulnerability Details : CVE-2014-2879
Potential exploit
Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2014-2879
- cpe:2.3:a:sonicwall:email_security_appliance:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2879
- 0.29%: Probability of exploitation activity in the next 30 days
- ~68%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2879
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2014-2879
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2879
- http://www.securitytracker.com/id/1029965
  SonicWALL Email Security Input Validation Flaw in 'License Management' and 'Advanced' Pages Permits Cross-Site Scripting Attacks - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/archive/1/531642/100/0/threaded
  SecurityFocus
- http://seclists.org/fulldisclosure/2014/Mar/409
  Full Disclosure: Dell SonicWall EMail Security 7.4.5 - Multiple Vulnerabilities (Bulletin) (Exploit; Mailing List; Third Party Advisory)
- http://www.securityfocus.com/bid/66501
  Dell SonicWall EMail Security Appliance Multiple HTML Injection Vulnerabilities (Third Party Advisory; VDB Entry)
- http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf
  Page Not Found (Broken Link)
- http://www.vulnerability-lab.com/get_content.php?id=1191
  (Exploit)