Sign-up

ID

VAR-201305-0269


CVE

CVE-2013-1159


TITLE

Cisco Prime Central for Hosted Collaboration Solution Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-002540

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Netcool Impact (NCI) web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud56706. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCud56706. Cisco Prime is a service-centric solution developed by Cisco, which integrates and manages wired and wireless LANs, WANs, and data centers from terminals, network devices, and applications, and screens information

Trust: 1.98

sources: NVD: CVE-2013-1159 // JVNDB: JVNDB-2013-002540 // BID: 59697 // VULHUB: VHN-61161

AFFECTED PRODUCTS

vendor:ciscomodel:prime central for hosted collaboration solutionscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime central for hcs assurancescope: - version: -

Trust: 0.8

vendor:ciscomodel:prime central for hcs assurancescope:eqversion:9.0

Trust: 0.3

sources: BID: 59697 // JVNDB: JVNDB-2013-002540 // CNNVD: CNNVD-201305-010 // NVD: CVE-2013-1159

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1159
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1159
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201305-010
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61161
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1159
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61161
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61161 // JVNDB: JVNDB-2013-002540 // CNNVD: CNNVD-201305-010 // NVD: CVE-2013-1159

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-61161 // JVNDB: JVNDB-2013-002540 // NVD: CVE-2013-1159

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-010

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201305-010

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002540

PATCH
title:Cisco Prime Central for Hosted Collaboration Solution NCI Web Menus Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1159
Trust: 0.8
title:29146url:http://tools.cisco.com/security/center/viewAlert.x?alertId=29146
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002540

EXTERNAL IDS
db:NVDid:CVE-2013-1159
Trust: 2.8
db:JVNDBid:JVNDB-2013-002540
Trust: 0.8
db:CNNVDid:CNNVD-201305-010
Trust: 0.7
db:CISCOid:20130430 CISCO PRIME CENTRAL FOR HOSTED COLLABORATION SOLUTION NCI WEB MENUS CROSS-SITE SCRIPTING VULNERABILITY
Trust: 0.6
db:BIDid:59697
Trust: 0.4
db:VULHUBid:VHN-61161
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61161 // 
            
            
            
            BID: 59697 // 
            
            
            
            JVNDB: JVNDB-2013-002540 // 
            
            
            
            CNNVD: CNNVD-201305-010 // 
            
            
            
            NVD: CVE-2013-1159

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1159
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1159
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1159
Trust: 0.8
url:http://tools.cisco.com/security/center/viewalert.x?alertid=29146
Trust: 0.3
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps12491/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-61161 // 
            
            
            
            BID: 59697 // 
            
            
            
            JVNDB: JVNDB-2013-002540 // 
            
            
            
            CNNVD: CNNVD-201305-010 // 
            
            
            
            NVD: CVE-2013-1159

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 59697

SOURCES
db:VULHUBid:VHN-61161
db:BIDid:59697
db:JVNDBid:JVNDB-2013-002540
db:CNNVDid:CNNVD-201305-010
db:NVDid:CVE-2013-1159

LAST UPDATE DATE
2025-04-11T23:19:31.992000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61161date:2013-05-01T00:00:00
db:BIDid:59697date:2013-04-30T00:00:00
db:JVNDBid:JVNDB-2013-002540date:2013-05-02T00:00:00
db:CNNVDid:CNNVD-201305-010date:2013-05-02T00:00:00
db:NVDid:CVE-2013-1159date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-61161date:2013-05-01T00:00:00
db:BIDid:59697date:2013-04-30T00:00:00
db:JVNDBid:JVNDB-2013-002540date:2013-05-02T00:00:00
db:CNNVDid:CNNVD-201305-010date:2013-05-02T00:00:00
db:NVDid:CVE-2013-1159date:2013-05-01T12:00:08.533