CVE-2013-6233

Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field in the "Short document metadata."

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://packetstormsecurity.com/files/125496	Exploit
http://www.exploit-db.com/exploits/32039	Exploit
http://www.securityfocus.com/archive/1/531322/100/0/threaded
http://www.securityfocus.com/bid/65915
https://exchange.xforce.ibmcloud.com/vulnerabilities/91506
http://packetstormsecurity.com/files/125496	Exploit
http://www.exploit-db.com/exploits/32039	Exploit
http://www.securityfocus.com/archive/1/531322/100/0/threaded
http://www.securityfocus.com/bid/65915
https://exchange.xforce.ibmcloud.com/vulnerabilities/91506

Configurations

Configuration 1 (hide)

cpe:2.3:a:eng:spagobi:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:58

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/125496 - Exploit~~	() http://packetstormsecurity.com/files/125496 - Exploit
References	~~() http://www.exploit-db.com/exploits/32039 - Exploit~~	() http://www.exploit-db.com/exploits/32039 - Exploit
References	~~() http://www.securityfocus.com/archive/1/531322/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/531322/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/65915 -~~	() http://www.securityfocus.com/bid/65915 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/91506 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/91506 -

Information

Published : 2014-03-09 13:16

Updated : 2024-11-21 01:58

NVD link : CVE-2013-6233

Mitre link : CVE-2013-6233

CVE.ORG link : CVE-2013-6233

JSON object : View

Products Affected

eng

spagobi

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2013-6233", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-03-09T13:16:56.617", "references": [{"url": "http://packetstormsecurity.com/files/125496", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/32039", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/531322/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/65915", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91506", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/125496", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/32039", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/531322/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/65915", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91506", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field in the \"Short document metadata.\""}, {"lang": "es", "value": "Vulnerabilidad de XSS en SpagoBI anterior a 4.1 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a trav\u00e9s del campo de descripci\u00f3n en el \"Short document metadata.\""}], "lastModified": "2024-11-21T01:58:53.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eng:spagobi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E33004E-C6C1-483C-A574-D339981C7499", "versionEndIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}