Advertisement






Dell SonicWALL Network Security Appliance NSA 6600 XSS

CVE Category Price Severity
CVE-XXXX-XXXX CWE-XX $XXXX High/Medium/Low
Author Risk Exploitation Type Date
Author Name Critical/High/Medium/Low Remote/Local 2016-12-31
CPE
cpe:cpe:/a:dell:sonicwall_network_security_appliance:nsa-6600
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2016120170

Below is a copy:

Dell SonicWALL Network Security Appliance NSA 6600 XSSDell SonicWALL Network Security Appliance NSA 6600 Reflected XSS


Vendor: Dell Inc.
Product web page: https://www.sonicwall.com/products/sonicwall-nsa/
Affected version: NSA 6600 running SonicOS Enhanced 6.2.4.3-31n
                  WXA 4000 running 1.3.2.0-07
                  SafeMode 6.1.0.11

Summary: Uncompromising security and performance for emerging large organizations.
The NSA 6600 network security appliance delivers best-in-class protection, speed
and scalability with 12 Gbps throughput and up to 6000 VPN clients.

Desc: SonicWALL NSA suffers from a XSS issue due to a failure to properly sanitize
user-supplied input to the 'curUserName' GET parameter in the 'appFirewallSummary.html'
script. Attackers can exploit this weakness to execute arbitrary HTML and script code
in a user's browser session.

Tested on: SonicWALL
           MySQL/5.0.96-community-nt
           Apache-Coyote/1.1
           Apache Tomcat 6.0.41


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2016-5391
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5391.php


26.01.2016

--


https://127.0.0.1/appFirewallSummary.html?curSrcAddrString=&curTSAIdNum=0&curUserName=test";alert('XSS')//


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.