Sign-up

ID

VAR-201309-0451


CVE

CVE-2013-5483


TITLE

Cisco SocialMiner of bookmarklet.jsp Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-003991

DESCRIPTION

Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco SocialMiner allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh73868. Cisco SocialMiner of bookmarklet.jsp Contains a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuh73868. Cisco SocialMiner is a set of social media call center solutions from Cisco. The solution supports social media monitoring and analysis capabilities. The vulnerability stems from the fact that the program does not adequately filter user input

Trust: 1.98

sources: NVD: CVE-2013-5483 // JVNDB: JVNDB-2013-003991 // BID: 62252 // VULHUB: VHN-65485

AFFECTED PRODUCTS

vendor:ciscomodel:socialminerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:socialminerscope:eqversion:9.0(1)

Trust: 0.8

sources: JVNDB: JVNDB-2013-003991 // CNNVD: CNNVD-201309-043 // NVD: CVE-2013-5483

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5483
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5483
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-043
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65485
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5483
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65485
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65485 // JVNDB: JVNDB-2013-003991 // CNNVD: CNNVD-201309-043 // NVD: CVE-2013-5483

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-65485 // JVNDB: JVNDB-2013-003991 // NVD: CVE-2013-5483

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-043

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201309-043

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003991

PATCH
title:Cisco SocialMiner Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5483
Trust: 0.8
title:30674url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30674
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003991

EXTERNAL IDS
db:NVDid:CVE-2013-5483
Trust: 2.8
db:BIDid:62252
Trust: 1.4
db:SECTRACKid:1028989
Trust: 1.1
db:JVNDBid:JVNDB-2013-003991
Trust: 0.8
db:CNNVDid:CNNVD-201309-043
Trust: 0.7
db:CISCOid:20130906 CISCO SOCIALMINER CROSS-SITE SCRIPTING VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-65485
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65485 // 
            
            
            
            BID: 62252 // 
            
            
            
            JVNDB: JVNDB-2013-003991 // 
            
            
            
            CNNVD: CNNVD-201309-043 // 
            
            
            
            NVD: CVE-2013-5483

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5483
Trust: 1.7
url:http://www.securityfocus.com/bid/62252
Trust: 1.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=30674
Trust: 1.1
url:http://www.securitytracker.com/id/1028989
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/86912
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5483
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5483
Trust: 0.8
sources:
            
            
            VULHUB: VHN-65485 // 
            
            
            
            JVNDB: JVNDB-2013-003991 // 
            
            
            
            CNNVD: CNNVD-201309-043 // 
            
            
            
            NVD: CVE-2013-5483

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62252

SOURCES
db:VULHUBid:VHN-65485
db:BIDid:62252
db:JVNDBid:JVNDB-2013-003991
db:CNNVDid:CNNVD-201309-043
db:NVDid:CVE-2013-5483

LAST UPDATE DATE
2024-11-23T22:08:29.454000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65485date:2017-08-29T00:00:00
db:BIDid:62252date:2013-09-11T00:10:00
db:JVNDBid:JVNDB-2013-003991date:2013-09-10T00:00:00
db:CNNVDid:CNNVD-201309-043date:2013-09-09T00:00:00
db:NVDid:CVE-2013-5483date:2024-11-21T01:57:33.993

SOURCES RELEASE DATE
db:VULHUBid:VHN-65485date:2013-09-08T00:00:00
db:BIDid:62252date:2013-09-06T00:00:00
db:JVNDBid:JVNDB-2013-003991date:2013-09-10T00:00:00
db:CNNVDid:CNNVD-201309-043date:2013-09-09T00:00:00
db:NVDid:CVE-2013-5483date:2013-09-08T03:17:39.757