Sign-up

ID

VAR-201305-0117


CVE

CVE-2013-1244


TITLE

Cisco WebEx Social of portal Module cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-002733

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199. Cisco WebEx Social of portal The module contains a cross-site scripting vulnerability. Cisco WebEx is a sharing and conferencing application for Microsoft Windows, Linux, and Mac OS X. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. This issue is being tracked by the Cisco Bug ID CSCue67199. Cisco WebEx Social is an enterprise collaboration system platform of Cisco (Cisco). The system platform provides functions such as voice, video, applications (Web conferencing applications, messaging applications, mobile applications) and enterprise social software

Trust: 1.98

sources: NVD: CVE-2013-1244 // JVNDB: JVNDB-2013-002733 // BID: 59867 // VULHUB: VHN-61246

AFFECTED PRODUCTS

vendor:ciscomodel:webex socialscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex socialscope:lteversion:3.1(1)sr3

Trust: 0.8

sources: JVNDB: JVNDB-2013-002733 // CNNVD: CNNVD-201305-306 // NVD: CVE-2013-1244

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1244
value: LOW

Trust: 1.0

NVD: CVE-2013-1244
value: LOW

Trust: 0.8

CNNVD: CNNVD-201305-306
value: LOW

Trust: 0.6

VULHUB: VHN-61246
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-1244
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61246
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61246 // JVNDB: JVNDB-2013-002733 // CNNVD: CNNVD-201305-306 // NVD: CVE-2013-1244

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-61246 // JVNDB: JVNDB-2013-002733 // NVD: CVE-2013-1244

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-306

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201305-306

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002733

PATCH
title:WebEx Social Allows JavaScript URLs in Links Attached to Postsurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1244
Trust: 0.8
title:29332url:http://tools.cisco.com/security/center/viewAlert.x?alertId=29332
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002733

EXTERNAL IDS
db:NVDid:CVE-2013-1244
Trust: 2.8
db:BIDid:59867
Trust: 1.0
db:JVNDBid:JVNDB-2013-002733
Trust: 0.8
db:CNNVDid:CNNVD-201305-306
Trust: 0.7
db:SECUNIAid:53417
Trust: 0.6
db:CISCOid:20130514 WEBEX SOCIAL ALLOWS JAVASCRIPT URLS IN LINKS ATTACHED TO POSTS
Trust: 0.6
db:VULHUBid:VHN-61246
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61246 // 
            
            
            
            BID: 59867 // 
            
            
            
            JVNDB: JVNDB-2013-002733 // 
            
            
            
            CNNVD: CNNVD-201305-306 // 
            
            
            
            NVD: CVE-2013-1244

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1244
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1244
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1244
Trust: 0.8
url:http://secunia.com/advisories/53417
Trust: 0.6
url:http://www.securityfocus.com/bid/59867
Trust: 0.6
sources:
            
            
            VULHUB: VHN-61246 // 
            
            
            
            JVNDB: JVNDB-2013-002733 // 
            
            
            
            CNNVD: CNNVD-201305-306 // 
            
            
            
            NVD: CVE-2013-1244

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 59867 // 
            
            
            
            CNNVD: CNNVD-201305-306

SOURCES
db:VULHUBid:VHN-61246
db:BIDid:59867
db:JVNDBid:JVNDB-2013-002733
db:CNNVDid:CNNVD-201305-306
db:NVDid:CVE-2013-1244

LAST UPDATE DATE
2024-11-23T23:05:53.943000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61246date:2013-05-16T00:00:00
db:BIDid:59867date:2013-05-24T17:24:00
db:JVNDBid:JVNDB-2013-002733date:2013-05-17T00:00:00
db:CNNVDid:CNNVD-201305-306date:2013-05-16T00:00:00
db:NVDid:CVE-2013-1244date:2024-11-21T01:49:10.850

SOURCES RELEASE DATE
db:VULHUBid:VHN-61246date:2013-05-16T00:00:00
db:BIDid:59867date:2013-05-14T00:00:00
db:JVNDBid:JVNDB-2013-002733date:2013-05-17T00:00:00
db:CNNVDid:CNNVD-201305-306date:2013-05-16T00:00:00
db:NVDid:CVE-2013-1244date:2013-05-16T03:36:22.747