Sign-up

ID

VAR-201312-0251


CVE

CVE-2013-6962


TITLE

Cisco WebEx Meeting Center Mobile browser subsystem vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-005564

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCul36228. Cisco WebEx Meeting Center is an online meeting product in a set of WebEx meeting solutions of Cisco (Cisco). The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more

Trust: 1.98

sources: NVD: CVE-2013-6962 // JVNDB: JVNDB-2013-005564 // BID: 64275 // VULHUB: VHN-66964

AFFECTED PRODUCTS

vendor:ciscomodel:webex meeting centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meeting centerscope:eqversion:0

Trust: 0.3

sources: BID: 64275 // JVNDB: JVNDB-2013-005564 // CNNVD: CNNVD-201312-273 // NVD: CVE-2013-6962

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6962
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6962
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201312-273
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66964
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6962
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66964
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66964 // JVNDB: JVNDB-2013-005564 // CNNVD: CNNVD-201312-273 // NVD: CVE-2013-6962

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-66964 // JVNDB: JVNDB-2013-005564 // NVD: CVE-2013-6962

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-273

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201312-273

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005564

PATCH
title:Cisco WebEx Meeting Center Mobile Browser Redirection Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6962
Trust: 0.8
title:32160url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32160
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005564

EXTERNAL IDS
db:NVDid:CVE-2013-6962
Trust: 2.8
db:BIDid:64275
Trust: 1.4
db:OSVDBid:100906
Trust: 1.1
db:SECTRACKid:1029494
Trust: 1.1
db:JVNDBid:JVNDB-2013-005564
Trust: 0.8
db:CNNVDid:CNNVD-201312-273
Trust: 0.7
db:CISCOid:20131212 CISCO WEBEX MEETING CENTER MOBILE BROWSER REDIRECTION CROSS-SITE SCRIPTING VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-66964
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66964 // 
            
            
            
            BID: 64275 // 
            
            
            
            JVNDB: JVNDB-2013-005564 // 
            
            
            
            CNNVD: CNNVD-201312-273 // 
            
            
            
            NVD: CVE-2013-6962

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6962
Trust: 2.0
url:http://www.securityfocus.com/bid/64275
Trust: 1.1
url:http://osvdb.org/100906
Trust: 1.1
url:http://www.securitytracker.com/id/1029494
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/89694
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6962
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6962
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-66964 // 
            
            
            
            BID: 64275 // 
            
            
            
            JVNDB: JVNDB-2013-005564 // 
            
            
            
            CNNVD: CNNVD-201312-273 // 
            
            
            
            NVD: CVE-2013-6962

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 64275

SOURCES
db:VULHUBid:VHN-66964
db:BIDid:64275
db:JVNDBid:JVNDB-2013-005564
db:CNNVDid:CNNVD-201312-273
db:NVDid:CVE-2013-6962

LAST UPDATE DATE
2024-11-23T22:02:19.546000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-66964date:2017-11-29T00:00:00
db:BIDid:64275date:2013-12-12T00:00:00
db:JVNDBid:JVNDB-2013-005564date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-273date:2013-12-17T00:00:00
db:NVDid:CVE-2013-6962date:2024-11-21T02:00:03.983

SOURCES RELEASE DATE
db:VULHUBid:VHN-66964date:2013-12-14T00:00:00
db:BIDid:64275date:2013-12-12T00:00:00
db:JVNDBid:JVNDB-2013-005564date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-273date:2013-12-17T00:00:00
db:NVDid:CVE-2013-6962date:2013-12-14T22:55:14.333