CVE-2013-7025: XSS
First published: Mon Dec 09 2013(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SonicWALL Analyzer | =7.0 | |
| SonicWALL Analyzer | =7.1 | |
| SonicWALL Analyzer | =7.1-sp1 | |
| SonicWALL Global Management System | =7.0 | |
| SonicWALL Global Management System | =7.1 | |
| SonicWALL Global Management System | =7.1-sp1 | |
| SonicWall UMA E5000 Firmware | =7.0 | |
| SonicWall UMA E5000 Firmware | =7.1 | |
| SonicWall UMA E5000 Firmware | =7.1-sp1 | |
| SonicWALL UMA E5000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html
- http://osvdb.org/100610
- http://seclists.org/fulldisclosure/2013/Dec/32
- http://secunia.com/advisories/55923
- http://www.exploit-db.com/exploits/30054
- http://www.securityfocus.com/bid/64103
- http://www.securitytracker.com/id/1029433
- http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf
- http://www.vulnerability-lab.com/get_content.php?id=1099
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89462
Frequently Asked Questions
What is the severity of CVE-2013-7025?
CVE-2013-7025 is classified as a medium severity vulnerability due to its potential for cross-site scripting (XSS) attacks.
How do I fix CVE-2013-7025?
To fix CVE-2013-7025, upgrade to Dell SonicWALL Global Management System, Analyzer, or UMA EM5000 version 7.1 SP1 with Hotfix 134235 or later.
Which software is affected by CVE-2013-7025?
CVE-2013-7025 affects SonicWALL Analyzer and Global Management System versions 7.0 and 7.1, as well as UMA EM5000 firmware versions 7.0 and 7.1.
Who can exploit CVE-2013-7025?
CVE-2013-7025 can be exploited by remote authenticated users, enabling them to inject arbitrary web scripts or HTML.
What type of vulnerability is CVE-2013-7025?
CVE-2013-7025 is a multiple cross-site scripting (XSS) vulnerability that allows for injection of malicious scripts.
- agent/softwarecombine
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sonicwall
- canonical/sonicwall analyzer
- version/sonicwall analyzer/7.0
- version/sonicwall analyzer/7.1
- version/sonicwall analyzer/7.1-sp1
- canonical/sonicwall global management system
- version/sonicwall global management system/7.0
- version/sonicwall global management system/7.1
- version/sonicwall global management system/7.1-sp1
- canonical/sonicwall uma e5000 firmware
- version/sonicwall uma e5000 firmware/7.0
- version/sonicwall uma e5000 firmware/7.1
- version/sonicwall uma e5000 firmware/7.1-sp1
- canonical/sonicwall uma e5000