XSS in Sonicwall Analyzer
CVE-2013-7025
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticate…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.031 (87.1th percentile) — read the EPSS interpretation.
Affected products
- Sonicwall Analyzer — versions 7.0, 7.1
- Sonicwall Global_management_system — versions 7.0, 7.1
- Sonicwall Uma_e5000
- Sonicwall Uma_e5000_firmware — versions 7.0, 7.1
- N/a — versions n/a
Weakness classification (CWE)
References
- 20131205 Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day) (mailing-list, x_refsource_BUGTRAQ, Third Party Advisory)
- 55923 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- sonicwall-ematstaticalerttypes-xss(89462) (VDB Entry, vdb-entry, x_refsource_XF)
- 100610 (x_refsource_OSVDB, vdb-entry, Broken Link)
- 20131205 Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (mailing-list, Exploit, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
- 64103 (Exploit, Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- 1029433 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- 30054 (Exploit, exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)
- cve@mitre.org (Exploit, x_refsource_MISC)