CVE-2013-7025
CVE-2013-7025
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/30054unverifiedexploitdbwww.exploit-db.com/exploits/30054unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.htmlhttp://osvdb.org/100610http://seclists.org/fulldisclosure/2013/Dec/32http://secunia.com/advisories/55923https://exchange.xforce.ibmcloud.com/vulnerabilities/89462http://www.exploit-db.com/exploits/30054http://www.securityfocus.com/bid/64103http://www.securitytracker.com/id/1029433http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdfhttp://www.vulnerability-lab.com/get_content.php?id=1099