CVE-2013-7025

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html	Third Party Advisory
http://osvdb.org/100610	Broken Link
http://seclists.org/fulldisclosure/2013/Dec/32	Exploit Mailing List Third Party Advisory
http://secunia.com/advisories/55923	Third Party Advisory
http://www.exploit-db.com/exploits/30054	Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/64103	Exploit Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029433	Third Party Advisory VDB Entry
http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf	Vendor Advisory
http://www.vulnerability-lab.com/get_content.php?id=1099	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/89462	VDB Entry
http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html	Third Party Advisory
http://osvdb.org/100610	Broken Link
http://seclists.org/fulldisclosure/2013/Dec/32	Exploit Mailing List Third Party Advisory
http://secunia.com/advisories/55923	Third Party Advisory
http://www.exploit-db.com/exploits/30054	Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/64103	Exploit Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029433	Third Party Advisory VDB Entry
http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf	Vendor Advisory
http://www.vulnerability-lab.com/get_content.php?id=1099	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/89462	VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sonicwall:analyzer:7.0:::::::*
	cpe:2.3:a:sonicwall:analyzer:7.1:::::::*
	cpe:2.3:a:sonicwall:analyzer:7.1:sp1::::::
	cpe:2.3:a:sonicwall:global_management_system:7.0:::::::*
	cpe:2.3:a:sonicwall:global_management_system:7.1:::::::*
	cpe:2.3:a:sonicwall:global_management_system:7.1:sp1::::::

Configuration 2 (hide)

AND

OR	cpe:2.3:o:sonicwall:uma_e5000_firmware:7.0:::::::*
	cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:::::::*
	cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:sp1::::::

cpe:2.3:h:sonicwall:uma_e5000:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:00

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html - Third Party Advisory~~	() http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html - Third Party Advisory
References	~~() http://osvdb.org/100610 - Broken Link~~	() http://osvdb.org/100610 - Broken Link
References	~~() http://seclists.org/fulldisclosure/2013/Dec/32 - Exploit, Mailing List, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2013/Dec/32 - Exploit, Mailing List, Third Party Advisory
References	~~() http://secunia.com/advisories/55923 - Third Party Advisory~~	() http://secunia.com/advisories/55923 - Third Party Advisory
References	~~() http://www.exploit-db.com/exploits/30054 - Exploit, Third Party Advisory, VDB Entry~~	() http://www.exploit-db.com/exploits/30054 - Exploit, Third Party Advisory, VDB Entry
References	~~() http://www.securityfocus.com/bid/64103 - Exploit, Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/64103 - Exploit, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1029433 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1029433 - Third Party Advisory, VDB Entry
References	~~() http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf - Vendor Advisory~~	() http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf - Vendor Advisory
References	~~() http://www.vulnerability-lab.com/get_content.php?id=1099 - Exploit~~	() http://www.vulnerability-lab.com/get_content.php?id=1099 - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/89462 - VDB Entry~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/89462 - VDB Entry

Information

Published : 2013-12-09 16:36

Updated : 2025-04-11 00:51

NVD link : CVE-2013-7025

Mitre link : CVE-2013-7025

CVE.ORG link : CVE-2013-7025

JSON object : View

Products Affected

sonicwall

uma_e5000_firmware
global_management_system
uma_e5000
analyzer

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2013-7025", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-12-09T16:36:50.723", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/100610", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2013/Dec/32", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/55923", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/30054", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/64103", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1029433", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vulnerability-lab.com/get_content.php?id=1099", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89462", "tags": ["VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/100610", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2013/Dec/32", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/55923", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/30054", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/64103", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1029433", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vulnerability-lab.com/get_content.php?id=1099", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89462", "tags": ["VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades XSS en ematStaticAlertTypes.jsp en la secci\u00f3n de ajustes de alertas en Dell SonicWALL Global Management System (GMS), Analyzer, y UMA EM5000 7.1 SP1 anterior al Hotfix 134235 permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de los par\u00e1metros (1) valfield_1 o (2) value_1 a createNewThreshold.jsp."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A9ABA5C-59AF-496A-B22E-0C88892EC8FD"}, {"criteria": "cpe:2.3:a:sonicwall:analyzer:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8078DCDB-FC88-41C8-BE14-688B5F4911E1"}, {"criteria": "cpe:2.3:a:sonicwall:analyzer:7.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19E54EA9-F9F8-47FA-9F31-C05C2AE59539"}, {"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEF95BB8-DF0B-4131-8A89-82DE559CC09B"}, {"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF555F86-D3E0-4763-9E9A-C26D5C986FC4"}, {"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "418595FE-EBFA-4B1D-A479-171BBD56279A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sonicwall:uma_e5000_firmware:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "907AFD7C-F904-47AC-937E-4CCDB5E4CEFF"}, {"criteria": "cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93D89B14-232D-4112-94B7-7757A3BBDD42"}, {"criteria": "cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66B20FAD-1131-4C68-BA4D-8B1A20C1DF91"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:uma_e5000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D8F6C2F1-8C1A-4BAD-8F49-464258B09354"}], "operator": "OR"}], "operator": "AND"}], "evaluatorComment": "Per: http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf\n\n\"Affected Products\nDell SonicWALL GMS\nDell SonicWALL Analyzer\nDell SonicWALL UMA E5000\n\nAffected Software Versions\nVersion\n7.x\"", "sourceIdentifier": "cve@mitre.org"}

3.5 /10