The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666.
References
Link | Resource |
---|---|
http://osvdb.org/98168 | |
http://secunia.com/advisories/55207 | |
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523 | Vendor Advisory |
http://tools.cisco.com/security/center/viewAlert.x?alertId=31161 | Vendor Advisory |
http://www.securityfocus.com/bid/62869 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1029157 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/87724 | |
http://osvdb.org/98168 | |
http://secunia.com/advisories/55207 | |
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523 | Vendor Advisory |
http://tools.cisco.com/security/center/viewAlert.x?alertId=31161 | Vendor Advisory |
http://www.securityfocus.com/bid/62869 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1029157 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/87724 |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:57
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/98168 - | |
References | () http://secunia.com/advisories/55207 - | |
References | () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523 - Vendor Advisory | |
References | () http://tools.cisco.com/security/center/viewAlert.x?alertId=31161 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/62869 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1029157 - Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/87724 - |
Information
Published : 2013-10-10 10:55
Updated : 2024-11-21 01:57
NVD link : CVE-2013-5523
Mitre link : CVE-2013-5523
CVE.ORG link : CVE-2013-5523
JSON object : View
Products Affected
cisco
- identity_services_engine_software
CWE
CWE-20
Improper Input Validation