CVE-2013-7025

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.exploit-db.com/exploits/30054	Exploit Third Party Advisory VDB Entry
http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf	Vendor Advisory
http://seclists.org/fulldisclosure/2013/Dec/32	Exploit Mailing List Third Party Advisory
http://www.vulnerability-lab.com/get_content.php?id=1099	Exploit
http://www.securityfocus.com/bid/64103	Exploit Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029433	Third Party Advisory VDB Entry
http://osvdb.org/100610	Broken Link
http://secunia.com/advisories/55923	Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/89462	VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sonicwall:global_management_system:7.1:::::::*
	cpe:2.3:a:sonicwall:global_management_system:7.1:sp1::::::
	cpe:2.3:a:sonicwall:analyzer:7.1:::::::*
	cpe:2.3:a:sonicwall:global_management_system:7.0:::::::*
	cpe:2.3:a:sonicwall:analyzer:7.0:::::::*
	cpe:2.3:a:sonicwall:analyzer:7.1:sp1::::::

Configuration 2 (hide)

AND

OR	cpe:2.3:o:sonicwall:uma_e5000_firmware:7.0:::::::*
	cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:sp1::::::
	cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:::::::*

cpe:2.3:h:sonicwall:uma_e5000:-:*:*:*:*:*:*:*

Information

Published : 2013-12-09 08:36

Updated : 2018-03-12 10:22

NVD link : CVE-2013-7025

Mitre link : CVE-2013-7025

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

sonicwall

global_management_system
uma_e5000_firmware
uma_e5000
analyzer

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.exploit-db.com/exploits/30054", "name": "30054", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": "EXPLOIT-DB"}, {"url": "http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf", "name": "http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://seclists.org/fulldisclosure/2013/Dec/32", "name": "20131205 Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://www.vulnerability-lab.com/get_content.php?id=1099", "name": "http://www.vulnerability-lab.com/get_content.php?id=1099", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/64103", "name": "64103", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id/1029433", "name": "1029433", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://osvdb.org/100610", "name": "100610", "tags": ["Broken Link"], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/55923", "name": "55923", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html", "name": "20131205 Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day)", "tags": ["Third Party Advisory"], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89462", "name": "sonicwall-ematstaticalerttypes-xss(89462)", "tags": ["VDB Entry"], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-7025", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2013-12-09T16:36Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.1:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.1:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:sonicwall:uma_e5000_firmware:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:sonicwall:uma_e5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-03-12T17:22Z"}

3.5 /10