Sign-up

ID

VAR-201309-0439


CVE

CVE-2013-5501


TITLE

Cisco MediaSense of oraservice Cross-site scripting vulnerability in pages

Trust: 0.8

sources: JVNDB: JVNDB-2013-004273

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328. Cisco MediaSense of oraservice The page contains a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuj23328. Cisco MediaSense is a set of network-based scalable recording platform of Cisco (Cisco). The platform can be used to record speech and video, etc. The vulnerability is caused by the program not filtering parameters sufficiently

Trust: 1.98

sources: NVD: CVE-2013-5501 // JVNDB: JVNDB-2013-004273 // BID: 62574 // VULHUB: VHN-65503

AFFECTED PRODUCTS

vendor:ciscomodel:mediasensescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:mediasensescope:lteversion:9.1(1)

Trust: 0.8

sources: JVNDB: JVNDB-2013-004273 // CNNVD: CNNVD-201309-360 // NVD: CVE-2013-5501

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5501
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5501
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-360
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65503
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5501
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65503
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65503 // JVNDB: JVNDB-2013-004273 // CNNVD: CNNVD-201309-360 // NVD: CVE-2013-5501

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-65503 // JVNDB: JVNDB-2013-004273 // NVD: CVE-2013-5501

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-360

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201309-360

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004273

PATCH
title:Cisco MediaSense oraservice Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5501
Trust: 0.8
title:30925url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30925
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004273

EXTERNAL IDS
db:NVDid:CVE-2013-5501
Trust: 2.8
db:BIDid:62574
Trust: 1.4
db:SECTRACKid:1029064
Trust: 1.1
db:JVNDBid:JVNDB-2013-004273
Trust: 0.8
db:CNNVDid:CNNVD-201309-360
Trust: 0.7
db:CISCOid:20130919 CISCO MEDIASENSE ORASERVICE CROSS-SITE SCRIPTING VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-65503
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65503 // 
            
            
            
            BID: 62574 // 
            
            
            
            JVNDB: JVNDB-2013-004273 // 
            
            
            
            CNNVD: CNNVD-201309-360 // 
            
            
            
            NVD: CVE-2013-5501

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5501
Trust: 1.7
url:http://www.securityfocus.com/bid/62574
Trust: 1.1
url:http://www.securitytracker.com/id/1029064
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5501
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5501
Trust: 0.8
url:www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-65503 // 
            
            
            
            BID: 62574 // 
            
            
            
            JVNDB: JVNDB-2013-004273 // 
            
            
            
            CNNVD: CNNVD-201309-360 // 
            
            
            
            NVD: CVE-2013-5501

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62574

SOURCES
db:VULHUBid:VHN-65503
db:BIDid:62574
db:JVNDBid:JVNDB-2013-004273
db:CNNVDid:CNNVD-201309-360
db:NVDid:CVE-2013-5501

LAST UPDATE DATE
2024-11-23T22:27:23.105000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65503date:2013-10-02T00:00:00
db:BIDid:62574date:2013-09-25T02:13:00
db:JVNDBid:JVNDB-2013-004273date:2013-09-25T00:00:00
db:CNNVDid:CNNVD-201309-360date:2013-09-23T00:00:00
db:NVDid:CVE-2013-5501date:2024-11-21T01:57:35.797

SOURCES RELEASE DATE
db:VULHUBid:VHN-65503date:2013-09-20T00:00:00
db:BIDid:62574date:2013-09-19T00:00:00
db:JVNDBid:JVNDB-2013-004273date:2013-09-25T00:00:00
db:CNNVDid:CNNVD-201309-360date:2013-09-23T00:00:00
db:NVDid:CVE-2013-5501date:2013-09-20T16:55:07.817