CVE-2013-7025
Summary
| CVE | CVE-2013-7025 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-12-09 16:36:00 UTC |
| Updated | 2018-03-12 17:22:00 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sonicwall | Analyzer | 7.0 | All | All | All |
| Application | Sonicwall | Analyzer | 7.1 | All | All | All |
| Application | Sonicwall | Analyzer | 7.1 | sp1 | All | All |
| Application | Sonicwall | Global Management System | 7.0 | All | All | All |
| Application | Sonicwall | Global Management System | 7.1 | All | All | All |
| Application | Sonicwall | Global Management System | 7.1 | sp1 | All | All |
| Hardware | Sonicwall | Uma E5000 | - | All | All | All |
| Operating System | Sonicwall | Uma E5000 Firmware | 7.0 | All | All | All |
| Operating System | Sonicwall | Uma E5000 Firmware | 7.1 | All | All | All |
| Operating System | Sonicwall | Uma E5000 Firmware | 7.1 | sp1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SonicWALL GMS/Analyzer/UMA Input Validation Flaw in 'Alert Settings' Request Permits Cross-Site Scripting Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Sonicwall GMS 7.x - Filter Bypass & Persistent Vulnerability (0Day) | EXPLOIT-DB | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| Security Advisory SA55923 - SonicWALL Multiple Products Two Script Insertion Vulnerabilities - Secunia | SECUNIA | secunia.com | Third Party Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | VDB Entry |
| 403 Forbidden | MISC | www.vulnerability-lab.com | Exploit |
| 20131205 Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day) | BUGTRAQ | archives.neohapsis.com | Third Party Advisory |
| Full Disclosure: Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability | FULLDISC | seclists.org | Exploit, Mailing List, Third Party Advisory |
| 100610 | OSVDB | osvdb.org | Broken Link |
| Multiple Dell SonicWALL Products Multiple HTML Injection Vulnerabilities | BID | www.securityfocus.com | Exploit, Third Party Advisory, VDB Entry |
| Page Not Found | CONFIRM | www.sonicwall.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.