PT-2013-6245 · Dell · Sonicwall Global Management System+2

Benjamin Kunz Mejri · Published 2013-12-09 · Updated 2018-03-12 · CVE-2013-7025

CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 version 7.1 SP1 before Hotfix 134235

Description
The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the ematStaticAlertTypes.jsp file within the Alert Settings section. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via specific parameters. The vulnerable parameters are valfield1 and value1 in the createNewThreshold.jsp endpoint.

Recommendations
For Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 version 7.1 SP1 before Hotfix 134235, apply Hotfix 134235 to resolve the issue. As a temporary workaround, consider restricting access to the createNewThreshold.jsp endpoint and avoid using the valfield1 and value1 parameters until the hotfix is applied.

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2013-7025

Affected Products

Analyzer
Sonicwall Global Management System
Uma Em5000