VAR-201312-0335
Vulnerability from variot - Updated: 2023-12-18 13:29Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp. Multiple Dell SonicWALL Products are prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. The following products are vulnerable: Dell SonicWALL Global Management System Dell SonicWALL Analyzer Dell SonicWALL Universal Managemnet Appliance E5000. Dell SonicWALL GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Dell SonicWALL Analyzer is a set of network analyzer software for SonicWALL infrastructure. A remote, authorized attacker could exploit this vulnerability to inject arbitrary web script or HTML by creating a specially crafted request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0335",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "global management system",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.0"
},
{
"model": "uma e5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.1"
},
{
"model": "analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.1"
},
{
"model": "uma e5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.0"
},
{
"model": "global management system",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.1"
},
{
"model": "analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "7.0"
},
{
"model": "sonicwall analyzer",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "7.1 sp1 hotfix 134235"
},
{
"model": "sonicwall analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "7.x"
},
{
"model": "sonicwall global management system",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "7.1 sp1 hotfix 134235"
},
{
"model": "sonicwall global management system",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "7.x"
},
{
"model": "sonicwall universal management appliance e5000",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": "sonicwall universal management appliance e5000 software",
"scope": "eq",
"trust": 0.8,
"vendor": "dell",
"version": "7.1 sp1 hotfix 134235"
},
{
"model": "sonicwall universal management appliance e5000 software",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "7.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"db": "NVD",
"id": "CVE-2013-7025"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:analyzer:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sonicwall:uma_e5000_firmware:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sonicwall:uma_e5000_firmware:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sonicwall:uma_e5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7025"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Benjamin Kunz Mejri",
"sources": [
{
"db": "BID",
"id": "64103"
}
],
"trust": 0.3
},
"cve": "CVE-2013-7025",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-7025",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-67027",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-7025",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201312-154",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-67027",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67027"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"db": "NVD",
"id": "CVE-2013-7025"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp. Multiple Dell SonicWALL Products are prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. \nThe following products are vulnerable:\nDell SonicWALL Global Management System\nDell SonicWALL Analyzer\nDell SonicWALL Universal Managemnet Appliance E5000. Dell SonicWALL GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Dell SonicWALL Analyzer is a set of network analyzer software for SonicWALL infrastructure. A remote, authorized attacker could exploit this vulnerability to inject arbitrary web script or HTML by creating a specially crafted request",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7025"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"db": "BID",
"id": "64103"
},
{
"db": "VULHUB",
"id": "VHN-67027"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-67027",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67027"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7025",
"trust": 2.8
},
{
"db": "BID",
"id": "64103",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "30054",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1029433",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "100610",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "55923",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005496",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201312-154",
"trust": 0.7
},
{
"db": "FULLDISC",
"id": "20131205 SONICWALL GMS V7.X - FILTER BYPASS \u0026 PERSISTENT VULNERABILITY",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-83518",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-67027",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67027"
},
{
"db": "BID",
"id": "64103"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"db": "NVD",
"id": "CVE-2013-7025"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
]
},
"id": "VAR-201312-0335",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-67027"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:29:47.779000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell SonicWALL GMS Service Bulletin for Cross-Site Scripting Vulnerability",
"trust": 0.8,
"url": "http://www.sonicwall.com/us/shared/download/support_bulletin_gms_vulnerability_hotfix_134235.pdf"
},
{
"title": "\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b Dell SonicWALL GMS \u30b5\u30fc\u30d3\u30b9\u901f\u5831",
"trust": 0.8,
"url": "http://www.sonicwall.com/japan/support/support_notice131209.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67027"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"db": "NVD",
"id": "CVE-2013-7025"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.vulnerability-lab.com/get_content.php?id=1099"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/64103"
},
{
"trust": 1.7,
"url": "http://www.sonicwall.com/us/shared/download/support_bulletin_gms_vulnerability_hotfix_134235.pdf"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/30054"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2013/dec/32"
},
{
"trust": 1.7,
"url": "http://osvdb.org/100610"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1029433"
},
{
"trust": 1.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/55923"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89462"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7025"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7025"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67027"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"db": "NVD",
"id": "CVE-2013-7025"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-67027"
},
{
"db": "BID",
"id": "64103"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"db": "NVD",
"id": "CVE-2013-7025"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-67027"
},
{
"date": "2013-12-05T00:00:00",
"db": "BID",
"id": "64103"
},
{
"date": "2013-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"date": "2013-12-09T16:36:50.723000",
"db": "NVD",
"id": "CVE-2013-7025"
},
{
"date": "2013-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-67027"
},
{
"date": "2013-12-11T00:47:00",
"db": "BID",
"id": "64103"
},
{
"date": "2013-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005496"
},
{
"date": "2018-03-12T17:22:58.757000",
"db": "NVD",
"id": "CVE-2013-7025"
},
{
"date": "2013-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dell SonicWALL Product Alert Settings Section cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005496"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-154"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…