CVE-2005-1006

Published: May 2, 2005Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.

Affected (1)

Products: Sonicwall: Soho Firmware

Sonicwall

1 product

Soho Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sonicwall Soho Firmware	Version 5.1.7.0

Running on/with	Platform Versions
Sonicwall Soho	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (18)

http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html

Source: cve@mitre.org

Broken LinkExploit

http://secunia.com/advisories/14823

Source: cve@mitre.org

Not Applicable

http://securitytracker.com/id?1013638

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.oliverkarow.de/research/SonicWall.txt

Source: cve@mitre.org

ExploitThird Party Advisory

http://www.osvdb.org/15261

Source: cve@mitre.org

Broken Link

http://www.osvdb.org/15262

Source: cve@mitre.org

Broken Link

http://www.securityfocus.com/bid/12984

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/19958

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/19960

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html