Cross-Site Scripting Vulnerabilities in Dell SonicWALL Management Solutions
CVE-2013-7025

Currently unrated

Key Information:

Vendor: Sonicwall
Status: Analyzer; Global Management System
Vendor: CVE Published:; 9 December 2013

Summary

Dell SonicWALL Global Management System, Analyzer, and UMA EM5000 prior to Hotfix 134235 are susceptible to multiple cross-site scripting (XSS) vulnerabilities. Authenticated remote users can exploit this flaw by injecting arbitrary web scripts or HTML into the Alert Settings section through specific parameters. Such exploitation could lead to unauthorized actions and potential data breaches, underscoring the importance of patching and maintaining secure configurations.

References

http://archives.neohapsis.com/archives/bugtraq/2013-12/00...

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/55923

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/89462

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 9, 2013
Vulnerability Reserved
Dec 8, 2013