Details of VAR-201309-0434

ID

VAR-201309-0434

CVE

CVE-2013-5495

TITLE

Cisco Unified MeetingPlace of Application Server of Web Cross-site scripting vulnerability in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2013-004114

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web framework in the Application Server in Cisco Unified MeetingPlace allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui44681. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCui44681. This solution provides a user environment that integrates voice, video and Web conferencing

Trust: 1.98

sources: NVD: CVE-2013-5495 // JVNDB: JVNDB-2013-004114 // BID: 62389 // VULHUB: VHN-65497

AFFECTED PRODUCTS

vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified meetingplace	scope:	lte	version:	8.5	Trust: 0.8
vendor:	cisco	model:	unified meetingplace	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	7.1	Trust: 0.3
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	7	Trust: 0.3
vendor:	cisco	model:	unified meetingplace	scope:	eq	version:	0	Trust: 0.3

sources: BID: 62389 // JVNDB: JVNDB-2013-004114 // CNNVD: CNNVD-201309-220 // NVD: CVE-2013-5495

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5495
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5495
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201309-220
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65497
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5495
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65497
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65497 // JVNDB: JVNDB-2013-004114 // CNNVD: CNNVD-201309-220 // NVD: CVE-2013-5495

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-65497 // JVNDB: JVNDB-2013-004114 // NVD: CVE-2013-5495

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-220

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201309-220

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004114

PATCH

title:	Cisco Unified MeetingPlace Application Server Cross-Site Scripting Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5495	Trust: 0.8
title:	30791	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30791	Trust: 0.8

sources: JVNDB: JVNDB-2013-004114

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5495	Trust: 2.8
db:	SECTRACK	id:	1029038	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-004114	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-220	Trust: 0.7
db:	CISCO	id:	20130913 CISCO UNIFIED MEETINGPLACE APPLICATION SERVER CROSS-SITE SCRIPTING VULNERABILITY	Trust: 0.6
db:	BID	id:	62389	Trust: 0.4
db:	VULHUB	id:	VHN-65497	Trust: 0.1

sources: VULHUB: VHN-65497 // BID: 62389 // JVNDB: JVNDB-2013-004114 // CNNVD: CNNVD-201309-220 // NVD: CVE-2013-5495

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5495	Trust: 1.7
url:	http://www.securitytracker.com/id/1029038	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5495	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5495	Trust: 0.8
url:	http://www.cisco.com/en/us/products/sw/ps5664/ps5669/index.html	Trust: 0.3

sources: VULHUB: VHN-65497 // BID: 62389 // JVNDB: JVNDB-2013-004114 // CNNVD: CNNVD-201309-220 // NVD: CVE-2013-5495

CREDITS

Reported by the vendor.

Trust: 0.3

sources: BID: 62389

SOURCES

db:	VULHUB	id:	VHN-65497
db:	BID	id:	62389
db:	JVNDB	id:	JVNDB-2013-004114
db:	CNNVD	id:	CNNVD-201309-220
db:	NVD	id:	CVE-2013-5495

LAST UPDATE DATE

2024-11-23T22:39:04.701000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65497	date:	2013-10-11T00:00:00
db:	BID	id:	62389	date:	2013-09-16T00:14:00
db:	JVNDB	id:	JVNDB-2013-004114	date:	2013-09-17T00:00:00
db:	CNNVD	id:	CNNVD-201309-220	date:	2013-09-23T00:00:00
db:	NVD	id:	CVE-2013-5495	date:	2024-11-21T01:57:35.083

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65497	date:	2013-09-16T00:00:00
db:	BID	id:	62389	date:	2013-09-13T00:00:00
db:	JVNDB	id:	JVNDB-2013-004114	date:	2013-09-17T00:00:00
db:	CNNVD	id:	CNNVD-201309-220	date:	2013-09-18T00:00:00
db:	NVD	id:	CVE-2013-5495	date:	2013-09-16T13:02:35.737