CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-3848

Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.2%

CVSS Severity

CVSS v2 Score 4.3

References

http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt
http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt

Products affected by CVE-2012-3848

Sonicwall » Scrutinizer » Version: 8.6.2

cpe:2.3:a:sonicwall:scrutinizer:8.6.2
Sonicwall » Scrutinizer » Version: 9.0.0

cpe:2.3:a:sonicwall:scrutinizer:9.0.0
Sonicwall » Scrutinizer » Version: 9.0.1

cpe:2.3:a:sonicwall:scrutinizer:9.0.1
Sonicwall » Scrutinizer » Version: 9.0.1.19899

cpe:2.3:a:sonicwall:scrutinizer:9.0.1.19899

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-3848

Products

Pricing

Contact Us