CVE-2013-7025

SonicWALL GMS Analyzer and UMA EM5000 7.1 SP1 - Authenticated Cross-Site Scripting via valfield_1 or value_1 Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-7025. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary The document describes a persistent XSS vulnerability in Dell SonicWall GMS v7.1.x, where attackers with low-privileged accounts can inject malicious script codes via the `valfield_1` and `value_1` parameters in the Alert Settings module. The vulnerability allows for persistent execution of script code in the `ematStaticAlertTypes.jsp` context.

Description

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.

Exploits (1)

exploitdb WRITEUP
by Vulnerability-Lab · textwebappsjsp
https://www.exploit-db.com/exploits/30054

The document describes a persistent XSS vulnerability in Dell SonicWall GMS v7.1.x, where attackers with low-privileged accounts can inject malicious script codes via the `valfield_1` and `value_1` parameters in the Alert Settings module. The vulnerability allows for persistent execution of script code in the `ematStaticAlertTypes.jsp` context.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Dell SonicWall GMS v7.1.x
Auth required
Prerequisites: Low-privileged application user account · Access to the Alert Settings module
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55923
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/100610
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Dec/32
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64103
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029433
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/30054

Scores

EPSS 0.0434
EPSS Percentile 90.0%

Details

CWE
CWE-79
Status published
Products (6)
sonicwall/analyzer 7.0
sonicwall/analyzer 7.1 (2 CPE variants)
sonicwall/global_management_system 7.0
sonicwall/global_management_system 7.1 (2 CPE variants)
sonicwall/uma_e5000_firmware 7.0
sonicwall/uma_e5000_firmware 7.1 (2 CPE variants)
Published Dec 09, 2013
Tracked Since Feb 18, 2026