Sign-up

ID

VAR-201304-0261


CVE

CVE-2013-1198


TITLE

Cisco Unified Computing System Central of Flash component Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-002502

DESCRIPTION

Cross-site scripting (XSS) vulnerability in a Flash component in Cisco Unified Computing System (UCS) Central allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud15430. Vendors have confirmed this vulnerability CSCud15430 It is released as.By any third party Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCud15430. Cisco Unified Computing System (UCS) is a unified computing system of Cisco (Cisco). The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Trust: 1.98

sources: NVD: CVE-2013-1198 // JVNDB: JVNDB-2013-002502 // BID: 59579 // VULHUB: VHN-61200

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing system softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified computing system softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing system central softwarescope:eqversion:0

Trust: 0.3

sources: BID: 59579 // JVNDB: JVNDB-2013-002502 // CNNVD: CNNVD-201304-604 // NVD: CVE-2013-1198

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1198
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1198
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201304-604
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61200
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1198
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61200
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61200 // JVNDB: JVNDB-2013-002502 // CNNVD: CNNVD-201304-604 // NVD: CVE-2013-1198

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-61200 // JVNDB: JVNDB-2013-002502 // NVD: CVE-2013-1198

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-604

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201304-604

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002502

PATCH
title:Cisco Unified Computing System Central Software DOM-based Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1198
Trust: 0.8
title:29109url:http://tools.cisco.com/security/center/viewAlert.x?alertId=29109
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002502

EXTERNAL IDS
db:NVDid:CVE-2013-1198
Trust: 2.8
db:JVNDBid:JVNDB-2013-002502
Trust: 0.8
db:CNNVDid:CNNVD-201304-604
Trust: 0.7
db:CISCOid:20130425 CISCO UNIFIED COMPUTING SYSTEM CENTRAL SOFTWARE DOM-BASED CROSS-SITE SCRIPTING VULNERABILITY
Trust: 0.6
db:BIDid:59579
Trust: 0.4
db:VULHUBid:VHN-61200
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61200 // 
            
            
            
            BID: 59579 // 
            
            
            
            JVNDB: JVNDB-2013-002502 // 
            
            
            
            CNNVD: CNNVD-201304-604 // 
            
            
            
            NVD: CVE-2013-1198

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1198
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1198
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1198
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-61200 // 
            
            
            
            BID: 59579 // 
            
            
            
            JVNDB: JVNDB-2013-002502 // 
            
            
            
            CNNVD: CNNVD-201304-604 // 
            
            
            
            NVD: CVE-2013-1198

CREDITS
Reported by the vendor.
Trust: 0.3
sources:
            
            
            BID: 59579

SOURCES
db:VULHUBid:VHN-61200
db:BIDid:59579
db:JVNDBid:JVNDB-2013-002502
db:CNNVDid:CNNVD-201304-604
db:NVDid:CVE-2013-1198

LAST UPDATE DATE
2025-04-11T23:02:58.392000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61200date:2013-04-29T00:00:00
db:BIDid:59579date:2013-04-25T00:00:00
db:JVNDBid:JVNDB-2013-002502date:2013-04-30T00:00:00
db:CNNVDid:CNNVD-201304-604date:2013-05-02T00:00:00
db:NVDid:CVE-2013-1198date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-61200date:2013-04-29T00:00:00
db:BIDid:59579date:2013-04-25T00:00:00
db:JVNDBid:JVNDB-2013-002502date:2013-04-30T00:00:00
db:CNNVDid:CNNVD-201304-604date:2013-04-29T00:00:00
db:NVDid:CVE-2013-1198date:2013-04-29T12:20:36.197