CVE-2013-7025

Опубликовано: 09 дек. 2013

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.

Комментарий

Per: http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf

"Affected Products Dell SonicWALL GMS Dell SonicWALL Analyzer Dell SonicWALL UMA E5000

Affected Software Versions Version 7.x"

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html
Third Party Advisory
http://osvdb.org/100610
Broken Link
http://seclists.org/fulldisclosure/2013/Dec/32
Exploit
Mailing List
Third Party Advisory
http://secunia.com/advisories/55923
Third Party Advisory
http://www.exploit-db.com/exploits/30054
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/64103
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1029433
Third Party Advisory
VDB Entry
http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf
Vendor Advisory
http://www.vulnerability-lab.com/get_content.php?id=1099
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/89462
VDB Entry
http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html
Third Party Advisory
http://osvdb.org/100610
Broken Link
http://seclists.org/fulldisclosure/2013/Dec/32
Exploit
Mailing List
Third Party Advisory
http://secunia.com/advisories/55923
Third Party Advisory
http://www.exploit-db.com/exploits/30054
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/64103
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1029433
Third Party Advisory
VDB Entry
http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf
Vendor Advisory
http://www.vulnerability-lab.com/get_content.php?id=1099
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/89462
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*

cpe:2.3:a:sonicwall:analyzer:7.1:*:*:*:*:*:*:*

cpe:2.3:a:sonicwall:analyzer:7.1:sp1:*:*:*:*:*:*

cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*

cpe:2.3:a:sonicwall:global_management_system:7.1:*:*:*:*:*:*:*

cpe:2.3:a:sonicwall:global_management_system:7.1:sp1:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:sonicwall:uma_e5000_firmware:7.0:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:sp1:*:*:*:*:*:*

cpe:2.3:h:sonicwall:uma_e5000:-:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02518

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-qgv6-wjcr-7pxr

github

больше 3 лет назад