CVE-2005-1006 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sonicwall	Soho Firmware Soho

Configuration 1 [-]

AND

cpe:2.3:o:sonicwall:soho_firmware:5.1.7.0:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html	Broken Link Exploit
http://secunia.com/advisories/14823	Not Applicable
http://securitytracker.com/id?1013638	Broken Link Third Party Advisory VDB Entry
http://www.oliverkarow.de/research/SonicWall.txt	Exploit Third Party Advisory
http://www.osvdb.org/15261	Broken Link
http://www.osvdb.org/15262	Broken Link
http://www.securityfocus.com/bid/12984	Exploit Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/19958	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/19960	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-04-07T04:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-04-07T00:00:00

Link: CVE-2005-1006

JSON object: View

NVD Information

Status : Analyzed

Published: 2005-05-02T04:00:00.000

Modified: 2022-06-23T16:42:59.087

Link: CVE-2005-1006

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-04-04T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.oliverkarow.de/research/SonicWall.txt"}, {"name": "14823", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/14823"}, {"name": "sonicwall-username-code-execution(19960)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19960"}, {"name": "15261", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/15261"}, {"name": "20050404 SonicWALL SOHO/10 - XSS vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html"}, {"name": "12984", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/12984"}, {"name": "sonicwall-http-get-requests-xss(19958)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19958"}, {"name": "1013638", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1013638"}, {"name": "15262", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/15262"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1006", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oliverkarow.de/research/SonicWall.txt", "refsource": "MISC", "url": "http://www.oliverkarow.de/research/SonicWall.txt"}, {"name": "14823", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14823"}, {"name": "sonicwall-username-code-execution(19960)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19960"}, {"name": "15261", "refsource": "OSVDB", "url": "http://www.osvdb.org/15261"}, {"name": "20050404 SonicWALL SOHO/10 - XSS vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html"}, {"name": "12984", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12984"}, {"name": "sonicwall-http-get-requests-xss(19958)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19958"}, {"name": "1013638", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013638"}, {"name": "15262", "refsource": "OSVDB", "url": "http://www.osvdb.org/15262"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1006", "datePublished": "2005-04-07T04:00:00", "dateReserved": "2005-04-07T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:soho_firmware:5.1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC4093B4-2F11-4368-AE43-208025118BAF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6B6B3FD-428E-4D6C-8C45-172CF4FB430D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file."}], "id": "CVE-2005-1006", "lastModified": "2022-06-23T16:42:59.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2005-05-02T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/14823"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1013638"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.oliverkarow.de/research/SonicWall.txt"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.osvdb.org/15261"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.osvdb.org/15262"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/12984"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19958"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19960"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}