Dell SonicWALL Network Security Appliance NSA 6600 suffers from a reflective cross site scripting vulnerability. Versions affected include NSA 6600 running SonicOS Enhanced 6.2.4.3-31n, WXA 4000 running 1.3.2.0-07, and SafeMode 6.1.0.11.
7acfa2c554a74790d4f42eb76bd861d05da2b1676d2dbb778bd9718473d384d5i>>?
Dell SonicWALL Network Security Appliance NSA 6600 Reflected XSS
Vendor: Dell Inc.
Product web page: https://www.sonicwall.com/products/sonicwall-nsa/
Affected version: NSA 6600 running SonicOS Enhanced 6.2.4.3-31n
WXA 4000 running 1.3.2.0-07
SafeMode 6.1.0.11
Summary: Uncompromising security and performance for emerging large organizations.
The NSA 6600 network security appliance delivers best-in-class protection, speed
and scalability with 12 Gbps throughput and up to 6000 VPN clients.
Desc: SonicWALL NSA suffers from a XSS issue due to a failure to properly sanitize
user-supplied input to the 'curUserName' GET parameter in the 'appFirewallSummary.html'
script. Attackers can exploit this weakness to execute arbitrary HTML and script code
in a user's browser session.
Tested on: SonicWALL
MySQL/5.0.96-community-nt
Apache-Coyote/1.1
Apache Tomcat 6.0.41
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2016-5391
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5391.php
26.01.2016
--
https://127.0.0.1/appFirewallSummary.html?curSrcAddrString=&curTSAIdNum=0&curUserName=test";alert('XSS')//
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed