CVE-2013-7025

Description

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.

Related CPE's

asonicwallanalyzer7.0*******

asonicwallanalyzer7.1*******

asonicwallanalyzer7.1sp1******

asonicwallglobal_management_system7.0*******

asonicwallglobal_management_system7.1*******

asonicwallglobal_management_system7.1sp1******

osonicwalluma_e5000_firmware7.0*******

osonicwalluma_e5000_firmware7.1*******

osonicwalluma_e5000_firmware7.1sp1******

hsonicwalluma_e5000-*******

References

30054

ExploitThird Party AdvisoryVDB Entry

http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf

Vendor Advisory

20131205 Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability

ExploitMailing ListThird Party Advisory

http://www.vulnerability-lab.com/get_content.php?id=1099

Exploit

64103

ExploitThird Party AdvisoryVDB Entry

1029433

Third Party AdvisoryVDB Entry

100610

Broken Link

55923

Third Party Advisory

20131205 Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day)

Third Party Advisory

sonicwall-ematstaticalerttypes-xss(89462)

VDB Entry

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:S/C:N/I:P/A:N

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

SINGLE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

3.5

Created by Yello
About Severity.io