Sign-up

ID

VAR-201304-0175


CVE

CVE-2013-1227


TITLE

Cisco Unified Communications Domain Manager of Web Cross-site scripting vulnerability in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2013-002506

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCug37902. Vendors have confirmed this vulnerability Bug ID CSCug37902 It is released as.By any third party Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCug37902. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Trust: 1.98

sources: NVD: CVE-2013-1227 // JVNDB: JVNDB-2013-002506 // BID: 59540 // VULHUB: VHN-61229

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications domain managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified communications domain managerscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified communications domain managerscope:eqversion:0

Trust: 0.3

sources: BID: 59540 // JVNDB: JVNDB-2013-002506 // CNNVD: CNNVD-201304-608 // NVD: CVE-2013-1227

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1227
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1227
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201304-608
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61229
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1227
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61229
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61229 // JVNDB: JVNDB-2013-002506 // CNNVD: CNNVD-201304-608 // NVD: CVE-2013-1227

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-61229 // JVNDB: JVNDB-2013-002506 // NVD: CVE-2013-1227

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-608

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201304-608

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002506

PATCH
title:Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1227
Trust: 0.8
title:29114url:http://tools.cisco.com/security/center/viewAlert.x?alertId=29114
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002506

EXTERNAL IDS
db:NVDid:CVE-2013-1227
Trust: 2.8
db:JVNDBid:JVNDB-2013-002506
Trust: 0.8
db:CNNVDid:CNNVD-201304-608
Trust: 0.7
db:CISCOid:20130427 CISCO UNIFIED COMMUNICATIONS DOMAIN MANAGER CROSS-SITE SCRIPTING VULNERABILITY
Trust: 0.6
db:BIDid:59540
Trust: 0.4
db:VULHUBid:VHN-61229
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61229 // 
            
            
            
            BID: 59540 // 
            
            
            
            JVNDB: JVNDB-2013-002506 // 
            
            
            
            CNNVD: CNNVD-201304-608 // 
            
            
            
            NVD: CVE-2013-1227

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1227
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1227
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1227
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-61229 // 
            
            
            
            BID: 59540 // 
            
            
            
            JVNDB: JVNDB-2013-002506 // 
            
            
            
            CNNVD: CNNVD-201304-608 // 
            
            
            
            NVD: CVE-2013-1227

CREDITS
Reported by the vendor.
Trust: 0.3
sources:
            
            
            BID: 59540

SOURCES
db:VULHUBid:VHN-61229
db:BIDid:59540
db:JVNDBid:JVNDB-2013-002506
db:CNNVDid:CNNVD-201304-608
db:NVDid:CVE-2013-1227

LAST UPDATE DATE
2025-04-11T23:04:06.029000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61229date:2013-04-29T00:00:00
db:BIDid:59540date:2013-04-27T00:00:00
db:JVNDBid:JVNDB-2013-002506date:2013-04-30T00:00:00
db:CNNVDid:CNNVD-201304-608date:2013-05-02T00:00:00
db:NVDid:CVE-2013-1227date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-61229date:2013-04-29T00:00:00
db:BIDid:59540date:2013-04-27T00:00:00
db:JVNDBid:JVNDB-2013-002506date:2013-04-30T00:00:00
db:CNNVDid:CNNVD-201304-608date:2013-04-29T00:00:00
db:NVDid:CVE-2013-1227date:2013-04-29T12:20:36.287