Sign-up

ID

VAR-201306-0158


CVE

CVE-2013-3375


TITLE

Cisco Prime Central for Hosted Collaboration Solution Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-002977

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the portal page in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCue23798. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCue23798. The platform provides functions such as secure access authentication and real-time fault analysis

Trust: 1.98

sources: NVD: CVE-2013-3375 // JVNDB: JVNDB-2013-002977 // BID: 60563 // VULHUB: VHN-63377

AFFECTED PRODUCTS

vendor:ciscomodel:prime central for hosted collaboration solutionscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime central for hcs assurancescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2013-002977 // CNNVD: CNNVD-201306-244 // NVD: CVE-2013-3375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3375
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3375
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201306-244
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63377
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3375
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63377
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63377 // JVNDB: JVNDB-2013-002977 // CNNVD: CNNVD-201306-244 // NVD: CVE-2013-3375

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-63377 // JVNDB: JVNDB-2013-002977 // NVD: CVE-2013-3375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-244

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201306-244

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002977

PATCH
title:Cisco Prime Central for Hosted Collaboration Solution Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3375
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002977

EXTERNAL IDS
db:NVDid:CVE-2013-3375
Trust: 2.8
db:JVNDBid:JVNDB-2013-002977
Trust: 0.8
db:CNNVDid:CNNVD-201306-244
Trust: 0.7
db:CISCOid:20130613 CISCO PRIME CENTRAL FOR HOSTED COLLABORATION SOLUTION CROSS-SITE SCRIPTING VULNERABILITY
Trust: 0.6
db:BIDid:60563
Trust: 0.4
db:VULHUBid:VHN-63377
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63377 // 
            
            
            
            BID: 60563 // 
            
            
            
            JVNDB: JVNDB-2013-002977 // 
            
            
            
            CNNVD: CNNVD-201306-244 // 
            
            
            
            NVD: CVE-2013-3375

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3375
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3375
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3375
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63377 // 
            
            
            
            BID: 60563 // 
            
            
            
            JVNDB: JVNDB-2013-002977 // 
            
            
            
            CNNVD: CNNVD-201306-244 // 
            
            
            
            NVD: CVE-2013-3375

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 60563

SOURCES
db:VULHUBid:VHN-63377
db:BIDid:60563
db:JVNDBid:JVNDB-2013-002977
db:CNNVDid:CNNVD-201306-244
db:NVDid:CVE-2013-3375

LAST UPDATE DATE
2025-04-11T23:12:00.825000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63377date:2013-06-14T00:00:00
db:BIDid:60563date:2013-06-18T15:17:00
db:JVNDBid:JVNDB-2013-002977date:2013-06-17T00:00:00
db:CNNVDid:CNNVD-201306-244date:2014-02-26T00:00:00
db:NVDid:CVE-2013-3375date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-63377date:2013-06-14T00:00:00
db:BIDid:60563date:2013-06-14T00:00:00
db:JVNDBid:JVNDB-2013-002977date:2013-06-17T00:00:00
db:CNNVDid:CNNVD-201306-244date:2013-06-14T00:00:00
db:NVDid:CVE-2013-3375date:2013-06-14T13:07:29.450