Sign-up

ID

VAR-201305-0270


CVE

CVE-2013-1160


TITLE

Cisco Prime Central for Hosted Collaboration Solution Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-002541

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the OpenView web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud56743. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCud56743

Trust: 1.98

sources: NVD: CVE-2013-1160 // JVNDB: JVNDB-2013-002541 // BID: 59696 // VULHUB: VHN-61162

AFFECTED PRODUCTS

vendor:ciscomodel:prime central for hosted collaboration solutionscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime central for hcs assurancescope: - version: -

Trust: 0.8

vendor:ciscomodel:prime central for hcs assurancescope:eqversion:9.0

Trust: 0.3

sources: BID: 59696 // JVNDB: JVNDB-2013-002541 // CNNVD: CNNVD-201305-011 // NVD: CVE-2013-1160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1160
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1160
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201305-011
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61162
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1160
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61162
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61162 // JVNDB: JVNDB-2013-002541 // CNNVD: CNNVD-201305-011 // NVD: CVE-2013-1160

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-61162 // JVNDB: JVNDB-2013-002541 // NVD: CVE-2013-1160

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-011

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201305-011

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002541

PATCH
title:Cisco Prime Central for Hosted Collaboration Solution OpenView Web Menus Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1160
Trust: 0.8
title:29147url:http://tools.cisco.com/security/center/viewAlert.x?alertId=29147
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002541

EXTERNAL IDS
db:NVDid:CVE-2013-1160
Trust: 2.8
db:JVNDBid:JVNDB-2013-002541
Trust: 0.8
db:CNNVDid:CNNVD-201305-011
Trust: 0.7
db:CISCOid:20130430 CISCO PRIME CENTRAL FOR HOSTED COLLABORATION SOLUTION OPENVIEW WEB MENUS CROSS-SITE SCRIPTING VULNERABILITY
Trust: 0.6
db:BIDid:59696
Trust: 0.4
db:VULHUBid:VHN-61162
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61162 // 
            
            
            
            BID: 59696 // 
            
            
            
            JVNDB: JVNDB-2013-002541 // 
            
            
            
            CNNVD: CNNVD-201305-011 // 
            
            
            
            NVD: CVE-2013-1160

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1160
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1160
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1160
Trust: 0.8
url:http://tools.cisco.com/security/center/viewalert.x?alertid=29147
Trust: 0.3
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-61162 // 
            
            
            
            BID: 59696 // 
            
            
            
            JVNDB: JVNDB-2013-002541 // 
            
            
            
            CNNVD: CNNVD-201305-011 // 
            
            
            
            NVD: CVE-2013-1160

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 59696

SOURCES
db:VULHUBid:VHN-61162
db:BIDid:59696
db:JVNDBid:JVNDB-2013-002541
db:CNNVDid:CNNVD-201305-011
db:NVDid:CVE-2013-1160

LAST UPDATE DATE
2025-04-11T23:18:54.817000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61162date:2013-05-01T00:00:00
db:BIDid:59696date:2013-05-01T00:00:00
db:JVNDBid:JVNDB-2013-002541date:2013-05-02T00:00:00
db:CNNVDid:CNNVD-201305-011date:2013-05-02T00:00:00
db:NVDid:CVE-2013-1160date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-61162date:2013-05-01T00:00:00
db:BIDid:59696date:2013-05-01T00:00:00
db:JVNDBid:JVNDB-2013-002541date:2013-05-02T00:00:00
db:CNNVDid:CNNVD-201305-011date:2013-05-02T00:00:00
db:NVDid:CVE-2013-1160date:2013-05-01T12:00:08.557