CVE-2013-7025

Sonicwall Analyzer - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.

Exploits (1)

exploitdb WRITEUP

by Vulnerability-Lab · textwebappsjsp

https://www.exploit-db.com/exploits/30054

View Code ZIP pw:eip

References (10)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html

[Broken Link] http://osvdb.org/100610

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2013/Dec/32

[Third Party Advisory] http://secunia.com/advisories/55923

[Exploit, Third Party Advisory, VDB Entry] http://www.exploit-db.com/exploits/30054

[Exploit, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/64103

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1029433

[Vendor Advisory] http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf

[Exploit] http://www.vulnerability-lab.com/get_content.php?id=1099

[VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/89462

Scores

EPSS 0.0252

EPSS Percentile 85.2%

Details

CWE

CWE-79

Status published

Products (10)

sonicwall/analyzer

sonicwall/analyzer

sonicwall/analyzer

sonicwall/global_management_system

sonicwall/global_management_system

sonicwall/global_management_system

sonicwall/uma_e5000_firmware

sonicwall/uma_e5000_firmware

sonicwall/uma_e5000_firmware

n/a/n/a

Published Dec 09, 2013

Tracked Since Feb 18, 2026