Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3848

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-3848
Last Modified 31 Jul 2012 10:40:46
Published 31 Jul 2012 06:45:42
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3848

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.

Vulnerable Systems

Application

  • Dell Sonicwall Scrutinizer 8.6.2

  • Dell Sonicwall Scrutinizer 9.0.0

  • Dell Sonicwall Scrutinizer 9.0.1

  • Dell Sonicwall Scrutinizer 9.5.0

  • Dell Sonicwall Scrutinizer With Flow Analytics Module 8.6.2

  • Dell Sonicwall Scrutinizer With Flow Analytics Module 9.0.0

  • Dell Sonicwall Scrutinizer With Flow Analytics Module 9.0.1

  • Dell Sonicwall Scrutinizer With Flow Analytics Module 9.5.0


References

MISC - https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt

MISC - http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html


Last Updated: 27 May 2016 10:55:01