CVE-2013-5524

{"id": "CVE-2013-5524", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-10-10T10:55:06.617", "references": [{"url": "http://osvdb.org/98166", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/55067", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31159", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/62870", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1029155", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87722", "source": "ykramarz@cisco.com"}, {"url": "http://osvdb.org/98166", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/55067", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31159", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/62870", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1029155", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87722", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n XSS en la p\u00e1gina de soluci\u00f3n de problemas en Cisco Identity Services Engine (ISE) 1.2 y anteriores permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de par\u00e1metros sin especificar, tambi\u00e9n conocido como Bug ID CSCug77655."}], "lastModified": "2024-11-21T01:57:38.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63BC1BB0-33FB-4CBC-99AD-E9E6593B2A11", "versionEndIncluding": "1.2"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50CE032F-3BD1-462D-B2DD-4088EA7CE037"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}