CVE-2014-2879

EUVD-2014-2903
Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
sonicwallemail_security_appliance
𝑥
≤ 7.4.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2014/Mar/409
http://www.securityfocus.com/archive/1/531642/100/0/threaded
http://www.securityfocus.com/bid/66501
http://www.securitytracker.com/id/1029965
http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf
http://www.vulnerability-lab.com/get_content.php?id=1191
http://seclists.org/fulldisclosure/2014/Mar/409
http://www.securityfocus.com/archive/1/531642/100/0/threaded
http://www.securityfocus.com/bid/66501
http://www.securitytracker.com/id/1029965
http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf
http://www.vulnerability-lab.com/get_content.php?id=1191