Sign-up

ID

VAR-201304-0276


CVE

CVE-2013-1171


TITLE

Cisco Connected Grid Network Management System Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-002112

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the element-list implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCue14517, CSCue38914, CSCue38884, CSCue38882, CSCue38881, CSCue38872, CSCue38868, CSCue38866, CSCue38853, and CSCue14540. Vendors have addressed this vulnerability Bug ID CSCue14517 , CSCue38914 , CSCue38884 , CSCue38882 , CSCue38881 , CSCue38872 , CSCue38868 , CSCue38866 , CSCue38853 , CSCue14540 It is released as.By any third party Web Script or HTML May be inserted. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. These issues are being tracked by Cisco Bug IDs CSCue14517, CSCue38914, CSCue38884, CSCue38882, CSCue38881, CSCue38872, CSCue38868, CSCue38866, CSCue38853, and CSCue14540

Trust: 1.98

sources: NVD: CVE-2013-1171 // JVNDB: JVNDB-2013-002112 // BID: 58806 // VULHUB: VHN-61173

AFFECTED PRODUCTS

vendor:ciscomodel:connected grid network management systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:connected grid network management systemscope:eqversion:1.0(42)

Trust: 0.8

vendor:ciscomodel:connected grid network management systemscope:eqversion:0

Trust: 0.3

sources: BID: 58806 // JVNDB: JVNDB-2013-002112 // CNNVD: CNNVD-201304-004 // NVD: CVE-2013-1171

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1171
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1171
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201304-004
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61173
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1171
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61173
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61173 // JVNDB: JVNDB-2013-002112 // CNNVD: CNNVD-201304-004 // NVD: CVE-2013-1171

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-61173 // JVNDB: JVNDB-2013-002112 // NVD: CVE-2013-1171

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-004

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201304-004

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002112

PATCH
title:Cisco Connected Grid Network Management System Cross-Site Scripting Vulnerabilitiesurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1171
Trust: 0.8
title:28762url:http://tools.cisco.com/security/center/viewAlert.x?alertId=28762
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002112

EXTERNAL IDS
db:NVDid:CVE-2013-1171
Trust: 2.8
db:JVNDBid:JVNDB-2013-002112
Trust: 0.8
db:CNNVDid:CNNVD-201304-004
Trust: 0.7
db:CISCOid:20130401 CISCO CONNECTED GRID NETWORK MANAGEMENT SYSTEM CROSS-SITE SCRIPTING VULNERABILITIES
Trust: 0.6
db:BIDid:58806
Trust: 0.4
db:VULHUBid:VHN-61173
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61173 // 
            
            
            
            BID: 58806 // 
            
            
            
            JVNDB: JVNDB-2013-002112 // 
            
            
            
            CNNVD: CNNVD-201304-004 // 
            
            
            
            NVD: CVE-2013-1171

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1171
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1171
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1171
Trust: 0.8
url:http://www.cisco.com/en/us/products/ps12360/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-61173 // 
            
            
            
            BID: 58806 // 
            
            
            
            JVNDB: JVNDB-2013-002112 // 
            
            
            
            CNNVD: CNNVD-201304-004 // 
            
            
            
            NVD: CVE-2013-1171

CREDITS
Reported by the vendor.
Trust: 0.3
sources:
            
            
            BID: 58806

SOURCES
db:VULHUBid:VHN-61173
db:BIDid:58806
db:JVNDBid:JVNDB-2013-002112
db:CNNVDid:CNNVD-201304-004
db:NVDid:CVE-2013-1171

LAST UPDATE DATE
2024-11-23T23:02:52.325000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61173date:2013-04-02T00:00:00
db:BIDid:58806date:2013-04-01T00:00:00
db:JVNDBid:JVNDB-2013-002112date:2013-04-03T00:00:00
db:CNNVDid:CNNVD-201304-004date:2013-04-03T00:00:00
db:NVDid:CVE-2013-1171date:2024-11-21T01:49:02.540

SOURCES RELEASE DATE
db:VULHUBid:VHN-61173date:2013-04-01T00:00:00
db:BIDid:58806date:2013-04-01T00:00:00
db:JVNDBid:JVNDB-2013-002112date:2013-04-03T00:00:00
db:CNNVDid:CNNVD-201304-004date:2013-04-02T00:00:00
db:NVDid:CVE-2013-1171date:2013-04-01T19:55:01.297