CVE-2014-0332
SonicWALL GMS and Analyzer - Cross-Site Scripting via node_id Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65498
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/727318
VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/91062
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/103216
Vendor Advisory x_refsource_confirm
http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf
Scores
EPSS
0.0177
EPSS Percentile
82.9%
Details
CWE
CWE-79
Status
published
Products (4)
sonicwall/analyzer
7.0
sonicwall/analyzer
7.1 (2 CPE variants)
sonicwall/global_management_system
7.0
sonicwall/global_management_system
7.1 (2 CPE variants)
Published
Feb 14, 2014
Tracked Since
Feb 18, 2026