CVE-2018-5280

Published: Jan 8, 2018Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.

Affected (5)

Products: Sonicwall: Sonicos

1 product

Configuration A

5 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Sonicwall Sonicos	Version 6.2.7.0
Sonicwall Sonicos	Version 6.2.9.0
Sonicwall Sonicos	Version 6.5.0.0
Sonicwall Sonicos	Version 6.5.1.0
Sonicwall Sonicos	Version 6.5.2.0

Running on/with	Platform Versions
Sonicwall Nsa 250m	All versions
Sonicwall Nsa 2600	All versions
Sonicwall Nsa 2650	All versions
Sonicwall Nsa 3600	All versions
Sonicwall Nsa 4600	All versions
Sonicwall Nsa 5600	All versions
Sonicwall Nsa 6600	All versions

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://www.securityfocus.com/bid/102438

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0001

Source: cve@mitre.org

Vendor Advisory

https://www.vulnerability-lab.com/get_content.php?id=1725

Source: cve@mitre.org

ExploitThird Party Advisory

http://www.securityfocus.com/bid/102438

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0001

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.vulnerability-lab.com/get_content.php?id=1725

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.