CVE-2013-7025
SonicWALL GMS Analyzer and UMA EM5000 7.1 SP1 - Authenticated Cross-Site Scripting via valfield_1 or value_1 Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-7025. PoCs published by Vulnerability-Lab.
AI-analyzed exploit summary The document describes a persistent XSS vulnerability in Dell SonicWall GMS v7.1.x, where attackers with low-privileged accounts can inject malicious script codes via the `valfield_1` and `value_1` parameters in the Alert Settings module. The vulnerability allows for persistent execution of script code in the `ematStaticAlertTypes.jsp` context.
Description
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.
Exploits (1)
The document describes a persistent XSS vulnerability in Dell SonicWall GMS v7.1.x, where attackers with low-privileged accounts can inject malicious script codes via the `valfield_1` and `value_1` parameters in the Alert Settings module. The vulnerability allows for persistent execution of script code in the `ematStaticAlertTypes.jsp` context.