Sign-up

ID

VAR-201307-0204


CVE

CVE-2013-3419


TITLE

Cisco Unified MeetingPlace Web Conferencing Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-003342

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuh74981

Trust: 1.98

sources: NVD: CVE-2013-3419 // JVNDB: JVNDB-2013-003342 // BID: 61143 // VULHUB: VHN-63421

AFFECTED PRODUCTS

vendor:ciscomodel:unified meetingplace web conferencingscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified meetingplace web conferencingscope:lteversion:7.1(2)

Trust: 0.8

sources: JVNDB: JVNDB-2013-003342 // CNNVD: CNNVD-201307-235 // NVD: CVE-2013-3419

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3419
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3419
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-235
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63421
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3419
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63421
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63421 // JVNDB: JVNDB-2013-003342 // CNNVD: CNNVD-201307-235 // NVD: CVE-2013-3419

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-63421 // JVNDB: JVNDB-2013-003342 // NVD: CVE-2013-3419

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-235

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201307-235

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003342

PATCH
title:Cisco Unified MeetingPlace Web Conferencing XSS Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3419
Trust: 0.8
title:30051url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30051
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003342

EXTERNAL IDS
db:NVDid:CVE-2013-3419
Trust: 2.8
db:JVNDBid:JVNDB-2013-003342
Trust: 0.8
db:CNNVDid:CNNVD-201307-235
Trust: 0.7
db:CISCOid:20130711 CISCO UNIFIED MEETINGPLACE WEB CONFERENCING XSS VULNERABILITY
Trust: 0.6
db:BIDid:61143
Trust: 0.4
db:VULHUBid:VHN-63421
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63421 // 
            
            
            
            BID: 61143 // 
            
            
            
            JVNDB: JVNDB-2013-003342 // 
            
            
            
            CNNVD: CNNVD-201307-235 // 
            
            
            
            NVD: CVE-2013-3419

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3419
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3419
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3419
Trust: 0.8
url:http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63421 // 
            
            
            
            BID: 61143 // 
            
            
            
            JVNDB: JVNDB-2013-003342 // 
            
            
            
            CNNVD: CNNVD-201307-235 // 
            
            
            
            NVD: CVE-2013-3419

CREDITS
Reported by the vendor.
Trust: 0.3
sources:
            
            
            BID: 61143

SOURCES
db:VULHUBid:VHN-63421
db:BIDid:61143
db:JVNDBid:JVNDB-2013-003342
db:CNNVDid:CNNVD-201307-235
db:NVDid:CVE-2013-3419

LAST UPDATE DATE
2024-08-14T15:35:13.332000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63421date:2013-07-12T00:00:00
db:BIDid:61143date:2013-07-16T17:54:00
db:JVNDBid:JVNDB-2013-003342date:2013-07-16T00:00:00
db:CNNVDid:CNNVD-201307-235date:2013-07-18T00:00:00
db:NVDid:CVE-2013-3419date:2013-07-12T04:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-63421date:2013-07-11T00:00:00
db:BIDid:61143date:2013-07-12T00:00:00
db:JVNDBid:JVNDB-2013-003342date:2013-07-16T00:00:00
db:CNNVDid:CNNVD-201307-235date:2013-07-18T00:00:00
db:NVDid:CVE-2013-3419date:2013-07-11T22:55:00.967