ID

VAR-201311-0303


CVE

CVE-2013-5563


TITLE

Cross-site scripting vulnerability in Query/NewQueryResult.jsp of Cisco Security Monitoring, Analysis and Response System

Trust: 0.8

sources: JVNDB: JVNDB-2013-005044

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System (CS-MARS) allows remote attackers to inject arbitrary web script or HTML via the isnowLatency parameter, aka Bug ID CSCul16173. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. CS-MARS combines security event monitoring with correlation rules, factor analysis, abnormal traffic detection and other functions to help accurately identify and eliminate network attacks.

Trust: 1.98

sources: NVD: CVE-2013-5563 // JVNDB: JVNDB-2013-005044 // BID: 63524 // VULHUB: VHN-65565

AFFECTED PRODUCTS

vendor: cisco // model: security monitoring analysis and response system // scope: eq // version: *

Trust: 1.0

vendor: cisco // model: security monitoring, analysis and response system // scope: - // version: -

Trust: 0.8

vendor: cisco // model: security monitoring analysis and response system // scope: - // version: -

Trust: 0.6

sources: JVNDB: JVNDB-2013-005044 // CNNVD: CNNVD-201311-077 // NVD: CVE-2013-5563

CVSS

SEVERITY

nvd@nist.gov: CVE-2013-5563
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5563
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201311-077
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65565
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2013-5563
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65565
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65565 // JVNDB: JVNDB-2013-005044 // CNNVD: CNNVD-201311-077 // NVD: CVE-2013-5563

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-65565 // JVNDB: JVNDB-2013-005044 // NVD: CVE-2013-5563

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-077

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201311-077

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005044

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-65565

PATCH

title: Top Page // url: http://www.cisco.com/en/US/hmpgs/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2013-005044

EXTERNAL IDS

db: NVD // id: CVE-2013-5563

Trust: 2.8

db: JVNDB // id: JVNDB-2013-005044

Trust: 0.8

db: CNNVD // id: CNNVD-201311-077

Trust: 0.7

db: BUGTRAQ // id: 20131104 CISCO MARS CROSS-SITE SCRIPTING VULNERABILITY - CVE-2013-5563

Trust: 0.6

db: BID // id: 63524

Trust: 0.4

db: PACKETSTORM // id: 123911

Trust: 0.1

db: VULHUB // id: VHN-65565

Trust: 0.1

sources: VULHUB: VHN-65565 // BID: 63524 // JVNDB: JVNDB-2013-005044 // CNNVD: CNNVD-201311-077 // NVD: CVE-2013-5563

REFERENCES

url:http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability

Trust: 2.8

url:http://archives.neohapsis.com/archives/bugtraq/2013-11/0016.html

Trust: 2.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5563

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5563

Trust: 0.8

url:http://www.cisco.com/en/us/products/ps6241/index.html

Trust: 0.3

sources: VULHUB: VHN-65565 // BID: 63524 // JVNDB: JVNDB-2013-005044 // CNNVD: CNNVD-201311-077 // NVD: CVE-2013-5563

CREDITS

Giovanni Delvecchio of SmartNet s.r.l.

Trust: 0.3

sources: BID: 63524

SOURCES

db: VULHUB // id: VHN-65565
db: BID // id: 63524
db: JVNDB // id: JVNDB-2013-005044
db: CNNVD // id: CNNVD-201311-077
db: NVD // id: CVE-2013-5563

LAST UPDATE DATE

2024-11-23T22:56:39.387000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-65565 // date: 2013-11-07T00:00:00
db: BID // id: 63524 // date: 2013-11-04T00:00:00
db: JVNDB // id: JVNDB-2013-005044 // date: 2013-11-07T00:00:00
db: CNNVD // id: CNNVD-201311-077 // date: 2013-11-07T00:00:00
db: NVD // id: CVE-2013-5563 // date: 2024-11-21T01:57:42.673

SOURCES RELEASE DATE

db: VULHUB // id: VHN-65565 // date: 2013-11-06T00:00:00
db: BID // id: 63524 // date: 2013-11-04T00:00:00
db: JVNDB // id: JVNDB-2013-005044 // date: 2013-11-07T00:00:00
db: CNNVD // id: CNNVD-201311-077 // date: 2013-11-07T00:00:00
db: NVD // id: CVE-2013-5563 // date: 2013-11-06T15:55:06.827