CVE-2013-7025
published 2013-12-09CVE-2013-7025: Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS)…
PriorityP419low3.5CVSS 2.0
AVNACMAuSCNIPAN
EXPLOIT
EPSS
4.34%
90.0th percentile
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | analyzer | — | — |
| sonicwall | analyzer | — | — |
| sonicwall | global_management_system | — | — |
| sonicwall | global_management_system | — | — |
| sonicwall | gms | — | — |
| sonicwall | uma_e5000_firmware | — | — |
| sonicwall | uma_e5000_firmware | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qgv6-wjcr-7pxr: Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes
ghsa_unreviewed·2022-05-14
CVE-2013-7025 [LOW] CWE-79 GHSA-qgv6-wjcr-7pxr: Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.
SonicWall
CVE-2013-7025: Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management Syst
vendor_sonicwall·2013-12-09·CVSS 3.5
CVE-2013-7025 [LOW] CWE-79 CVE-2013-7025: Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management Syst
CVE-2013-7025: Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.
No detection rules found.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.htmlhttp://osvdb.org/100610http://seclists.org/fulldisclosure/2013/Dec/32http://secunia.com/advisories/55923http://www.exploit-db.com/exploits/30054http://www.securityfocus.com/bid/64103http://www.securitytracker.com/id/1029433http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdfhttp://www.vulnerability-lab.com/get_content.php?id=1099https://exchange.xforce.ibmcloud.com/vulnerabilities/89462http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.htmlhttp://osvdb.org/100610http://seclists.org/fulldisclosure/2013/Dec/32http://secunia.com/advisories/55923http://www.exploit-db.com/exploits/30054http://www.securityfocus.com/bid/64103http://www.securitytracker.com/id/1029433http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdfhttp://www.vulnerability-lab.com/get_content.php?id=1099https://exchange.xforce.ibmcloud.com/vulnerabilities/89462
2013-12-09
Published