Sign-up

ID

VAR-201312-0252


CVE

CVE-2013-6963


TITLE

Cisco WebEx Training Center Cross-site scripting vulnerability in the registration component

Trust: 0.8

sources: JVNDB: JVNDB-2013-005565

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCul36207. Cisco WebEx Training Center is an e-learning solution in a set of WebEx meeting solutions of Cisco (Cisco). The program provides a wealth of tools for online classrooms, online training, and online exams. The vulnerability is caused by the page not adequately filtering the input submitted by the user

Trust: 1.98

sources: NVD: CVE-2013-6963 // JVNDB: JVNDB-2013-005565 // BID: 64277 // VULHUB: VHN-66965

AFFECTED PRODUCTS

vendor:ciscomodel:webex training centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex training centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex training centerscope:eqversion:0

Trust: 0.3

sources: BID: 64277 // JVNDB: JVNDB-2013-005565 // CNNVD: CNNVD-201312-274 // NVD: CVE-2013-6963

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6963
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6963
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201312-274
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66965
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6963
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66965
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66965 // JVNDB: JVNDB-2013-005565 // CNNVD: CNNVD-201312-274 // NVD: CVE-2013-6963

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-66965 // JVNDB: JVNDB-2013-005565 // NVD: CVE-2013-6963

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-274

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201312-274

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005565

PATCH
title:Cisco WebEx Training Center Training Registration Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6963
Trust: 0.8
title:32159url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32159
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005565

EXTERNAL IDS
db:NVDid:CVE-2013-6963
Trust: 2.8
db:BIDid:64277
Trust: 1.4
db:SECTRACKid:1029492
Trust: 1.1
db:OSVDBid:100907
Trust: 1.1
db:JVNDBid:JVNDB-2013-005565
Trust: 0.8
db:CNNVDid:CNNVD-201312-274
Trust: 0.7
db:CISCOid:20131212 CISCO WEBEX TRAINING CENTER TRAINING REGISTRATION CROSS-SITE SCRIPTING VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-66965
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66965 // 
            
            
            
            BID: 64277 // 
            
            
            
            JVNDB: JVNDB-2013-005565 // 
            
            
            
            CNNVD: CNNVD-201312-274 // 
            
            
            
            NVD: CVE-2013-6963

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6963
Trust: 2.0
url:http://www.securityfocus.com/bid/64277
Trust: 1.1
url:http://osvdb.org/100907
Trust: 1.1
url:http://www.securitytracker.com/id/1029492
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/89695
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6963
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6963
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-66965 // 
            
            
            
            BID: 64277 // 
            
            
            
            JVNDB: JVNDB-2013-005565 // 
            
            
            
            CNNVD: CNNVD-201312-274 // 
            
            
            
            NVD: CVE-2013-6963

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 64277

SOURCES
db:VULHUBid:VHN-66965
db:BIDid:64277
db:JVNDBid:JVNDB-2013-005565
db:CNNVDid:CNNVD-201312-274
db:NVDid:CVE-2013-6963

LAST UPDATE DATE
2024-11-23T21:55:29.742000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-66965date:2017-11-29T00:00:00
db:BIDid:64277date:2013-12-12T00:00:00
db:JVNDBid:JVNDB-2013-005565date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-274date:2013-12-17T00:00:00
db:NVDid:CVE-2013-6963date:2024-11-21T02:00:04.100

SOURCES RELEASE DATE
db:VULHUBid:VHN-66965date:2013-12-14T00:00:00
db:BIDid:64277date:2013-12-12T00:00:00
db:JVNDBid:JVNDB-2013-005565date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-274date:2013-12-17T00:00:00
db:NVDid:CVE-2013-6963date:2013-12-14T22:55:14.363