CVE-2013-7025

Published: Dec 9, 2013Modified: Apr 29, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.

Affected (9)

Products: Sonicwall: Analyzer, Global Management System, Uma E5000 Firmware

3 products

Global Management System

Uma E5000 Firmware

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Sonicwall Analyzer	Version 7.0
Sonicwall Analyzer	Version 7.1
Sonicwall Analyzer	Version 7.1 sp1
Sonicwall Global Management System	Version 7.0
Sonicwall Global Management System	Version 7.1
Sonicwall Global Management System	Version 7.1 sp1

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sonicwall Uma E5000 Firmware	Version 7.0
Sonicwall Uma E5000 Firmware	Version 7.1
Sonicwall Uma E5000 Firmware	Version 7.1 sp1

Running on/with	Platform Versions
Sonicwall Uma E5000	All versions

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (20)

http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html

Source: cve@mitre.org

Third Party Advisory

http://osvdb.org/100610

Source: cve@mitre.org

Broken Link

http://seclists.org/fulldisclosure/2013/Dec/32

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://secunia.com/advisories/55923

Source: cve@mitre.org

Third Party Advisory

http://www.exploit-db.com/exploits/30054

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/64103

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029433

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf

Source: cve@mitre.org

Vendor Advisory

http://www.vulnerability-lab.com/get_content.php?id=1099

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/89462

Source: cve@mitre.org

VDB Entry

http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://osvdb.org/100610

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://seclists.org/fulldisclosure/2013/Dec/32

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

http://secunia.com/advisories/55923

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.exploit-db.com/exploits/30054

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/64103

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029433

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vulnerability-lab.com/get_content.php?id=1099

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/89462

Source: af854a3a-2127-422b-91ae-364da2661108

VDB Entry

Timeline

No history available yet.