CVE-2013-5523

The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*

History

21 Nov 2024, 01:57

Type Values Removed Values Added
References () http://osvdb.org/98168 - () http://osvdb.org/98168 -
References () http://secunia.com/advisories/55207 - () http://secunia.com/advisories/55207 -
References () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523 - Vendor Advisory () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523 - Vendor Advisory
References () http://tools.cisco.com/security/center/viewAlert.x?alertId=31161 - Vendor Advisory () http://tools.cisco.com/security/center/viewAlert.x?alertId=31161 - Vendor Advisory
References () http://www.securityfocus.com/bid/62869 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/62869 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1029157 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1029157 - Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/87724 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/87724 -

Information

Published : 2013-10-10 10:55

Updated : 2024-11-21 01:57


NVD link : CVE-2013-5523

Mitre link : CVE-2013-5523

CVE.ORG link : CVE-2013-5523


JSON object : View

Products Affected

cisco

  • identity_services_engine_software
CWE
CWE-20

Improper Input Validation