CVE-2014-2879

SonicWALL Email Security Appliance < 7.4.5 - Authenticated Cross-Site Scripting via Upload Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2879. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary The document describes multiple persistent XSS vulnerabilities in Dell SonicWall EMail Security Appliance v7.4.5, allowing remote attackers to inject malicious script codes via POST requests in the `filename` parameter of specific modules.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.

Exploits (1)

exploitdb WRITEUP
by Vulnerability-Lab · textwebappsmultiple
https://www.exploit-db.com/exploits/32556

The document describes multiple persistent XSS vulnerabilities in Dell SonicWall EMail Security Appliance v7.4.5, allowing remote attackers to inject malicious script codes via POST requests in the `filename` parameter of specific modules.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Dell SonicWall EMail Security Appliance v7.4.5
Auth required
Prerequisites: Privileged user account · Access to vulnerable web interface
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029965
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/531642/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/66501
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Mar/409

Scores

EPSS 0.0485
EPSS Percentile 91.0%

Details

CWE
CWE-79
Status published
Products (1)
sonicwall/email_security_appliance < 7.4.5
Published Apr 17, 2014
Tracked Since Feb 18, 2026