CVE-2013-5524

Опубликовано: 10 окт. 2013

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655.

Ссылки

http://osvdb.org/98166
http://secunia.com/advisories/55067
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524
Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=31159
Vendor Advisory
http://www.securityfocus.com/bid/62870
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1029155
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/87722
http://osvdb.org/98166
http://secunia.com/advisories/55067
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524
Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=31159
Vendor Advisory
http://www.securityfocus.com/bid/62870
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1029155
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/87722

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*

Версия до 1.2 (включая)

cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00561

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-h7hw-h27f-8v84

github

больше 3 лет назад