Sign-up

ID

VAR-201312-0249


CVE

CVE-2013-6960


TITLE

Cisco WebEx Meeting Center Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-005562

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248. Cisco WebEx Meeting Center Contains a cross-site scripting vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCul36248. The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more

Trust: 1.98

sources: NVD: CVE-2013-6960 // JVNDB: JVNDB-2013-005562 // BID: 64273 // VULHUB: VHN-66962

AFFECTED PRODUCTS

vendor:ciscomodel:webex meeting centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meeting centerscope:eqversion:0

Trust: 0.3

sources: BID: 64273 // JVNDB: JVNDB-2013-005562 // CNNVD: CNNVD-201312-271 // NVD: CVE-2013-6960

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6960
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6960
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201312-271
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66962
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6960
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66962
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66962 // JVNDB: JVNDB-2013-005562 // CNNVD: CNNVD-201312-271 // NVD: CVE-2013-6960

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-66962 // JVNDB: JVNDB-2013-005562 // NVD: CVE-2013-6960

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-271

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201312-271

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005562

PATCH
title:Cisco WebEx Multiple Cross-Site Scripting Vulnerabilitiesurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6960
Trust: 0.8
title:32152url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32152
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005562

EXTERNAL IDS
db:NVDid:CVE-2013-6960
Trust: 2.8
db:BIDid:64273
Trust: 1.4
db:OSVDBid:100904
Trust: 1.1
db:SECTRACKid:1029494
Trust: 1.1
db:JVNDBid:JVNDB-2013-005562
Trust: 0.8
db:CNNVDid:CNNVD-201312-271
Trust: 0.7
db:CISCOid:20131212 CISCO WEBEX MULTIPLE CROSS-SITE SCRIPTING VULNERABILITIES
Trust: 0.6
db:VULHUBid:VHN-66962
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66962 // 
            
            
            
            BID: 64273 // 
            
            
            
            JVNDB: JVNDB-2013-005562 // 
            
            
            
            CNNVD: CNNVD-201312-271 // 
            
            
            
            NVD: CVE-2013-6960

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6960
Trust: 2.0
url:http://tools.cisco.com/security/center/viewalert.x?alertid=32152
Trust: 1.7
url:http://www.securityfocus.com/bid/64273
Trust: 1.1
url:http://osvdb.org/100904
Trust: 1.1
url:http://www.securitytracker.com/id/1029494
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/89693
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6960
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6960
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-66962 // 
            
            
            
            BID: 64273 // 
            
            
            
            JVNDB: JVNDB-2013-005562 // 
            
            
            
            CNNVD: CNNVD-201312-271 // 
            
            
            
            NVD: CVE-2013-6960

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 64273

SOURCES
db:VULHUBid:VHN-66962
db:BIDid:64273
db:JVNDBid:JVNDB-2013-005562
db:CNNVDid:CNNVD-201312-271
db:NVDid:CVE-2013-6960

LAST UPDATE DATE
2024-11-23T22:02:19.516000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-66962date:2017-11-29T00:00:00
db:BIDid:64273date:2013-12-12T00:00:00
db:JVNDBid:JVNDB-2013-005562date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-271date:2013-12-17T00:00:00
db:NVDid:CVE-2013-6960date:2024-11-21T02:00:03.727

SOURCES RELEASE DATE
db:VULHUBid:VHN-66962date:2013-12-14T00:00:00
db:BIDid:64273date:2013-12-12T00:00:00
db:JVNDBid:JVNDB-2013-005562date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-271date:2013-12-17T00:00:00
db:NVDid:CVE-2013-6960date:2013-12-14T22:55:14.287