Lucene search

[email protected]CVE-2013-7025

HistoryDec 09, 2013 - 4:36 p.m.

CVE-2013-7025

2013-12-0916:36:50

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-7025

cross-site scripting

xss

dell sonicwall

gms

security vulnerability

web script injection

html injection

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.

Affected configurations

NVD

Node

sonicwallanalyzerMatch7.0

sonicwallanalyzerMatch7.1

sonicwallanalyzerMatch7.1sp1

sonicwallglobal_management_systemMatch7.0

sonicwallglobal_management_systemMatch7.1

sonicwallglobal_management_systemMatch7.1sp1

Node

sonicwalluma_e5000_firmwareMatch7.0

sonicwalluma_e5000_firmwareMatch7.1

sonicwalluma_e5000_firmwareMatch7.1sp1

AND

sonicwalluma_e5000Match-

CPENameOperatorVersion
sonicwall:analyzersonicwall analyzereq7.0
sonicwall:analyzersonicwall analyzereq7.1
sonicwall:global_management_systemsonicwall global management systemeq7.0
sonicwall:global_management_systemsonicwall global management systemeq7.1

CPE	Name	Operator	Version
sonicwall:analyzer	sonicwall analyzer	eq	7.0
sonicwall:analyzer	sonicwall analyzer	eq	7.1
sonicwall:global_management_system	sonicwall global management system	eq	7.0
sonicwall:global_management_system	sonicwall global management system	eq	7.1

References

archives.neohapsis.com/archives/bugtraq/2013-12/0022.html

osvdb.org/100610

seclists.org/fulldisclosure/2013/Dec/32

secunia.com/advisories/55923

www.exploit-db.com/exploits/30054

www.securityfocus.com/bid/64103

www.securitytracker.com/id/1029433

www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf

www.vulnerability-lab.com/get_content.php?id=1099

exchange.xforce.ibmcloud.com/vulnerabilities/89462

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.1%

JSON

Related for CVE-2013-7025

prion1 vulnerlab2 cvelist1 nvd1