ID

VAR-201307-0299


CVE

CVE-2013-1132


TITLE

Cisco Unified Communications Domain Manager Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-003326

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) IptAccountMgmt, (2) IptFeatureConfigTemplateMgmt, (3) IptFeatureDisplayPolicyMgmt, or (4) IptProviderMgmt page, aka Bug IDs CSCud69972, CSCud70193, and CSCud70261. The vendor has published this vulnerability as Bug IDs CSCud69972, CSCud70193, and CSCud70261. Because of issues in the following pages, a third party may insert web script or HTML: (1) the IptAccountMgmt page, (2) the IptFeatureConfigTemplateMgmt page, (3) the IptFeatureDisplayPolicyMgmt page, and (4) the IptProviderMgmt page. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. These issues are being tracked by Cisco Bug IDs CSCud69972, CSCud70193, and CSCud70261. This component features scalable, distributed, and highly available enterprise Voice over IP call processing.

Trust: 1.98

sources: NVD: CVE-2013-1132 // JVNDB: JVNDB-2013-003326 // BID: 61100 // VULHUB: VHN-61134

AFFECTED PRODUCTS

vendor: cisco, model: unified communications domain manager, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: unified communications domain manager, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2013-003326 // CNNVD: CNNVD-201307-213 // NVD: CVE-2013-1132

CVSS

SEVERITY

nvd@nist.gov: CVE-2013-1132
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1132
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-213
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61134
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2013-1132
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61134
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61134 // JVNDB: JVNDB-2013-003326 // CNNVD: CNNVD-201307-213 // NVD: CVE-2013-1132

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-61134 // JVNDB: JVNDB-2013-003326 // NVD: CVE-2013-1132

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-213

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201307-213

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003326

PATCH

title: Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1132

Trust: 0.8

title: 30029, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=30029

Trust: 0.8

sources: JVNDB: JVNDB-2013-003326

EXTERNAL IDS

db: NVD, id: CVE-2013-1132

Trust: 2.8

db: JVNDB, id: JVNDB-2013-003326

Trust: 0.8

db: CNNVD, id: CNNVD-201307-213

Trust: 0.7

db: CISCO, id: 20130710 CISCO UNIFIED COMMUNICATIONS DOMAIN MANAGER CROSS-SITE SCRIPTING VULNERABILITY

Trust: 0.6

db: BID, id: 61100

Trust: 0.4

db: VULHUB, id: VHN-61134

Trust: 0.1

sources: VULHUB: VHN-61134 // BID: 61100 // JVNDB: JVNDB-2013-003326 // CNNVD: CNNVD-201307-213 // NVD: CVE-2013-1132

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1132

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1132

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1132

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-61134 // BID: 61100 // JVNDB: JVNDB-2013-003326 // CNNVD: CNNVD-201307-213 // NVD: CVE-2013-1132

CREDITS

Reported by the vendor.

Trust: 0.3

sources: BID: 61100

SOURCES

db: VULHUB, id: VHN-61134
db: BID, id: 61100
db: JVNDB, id: JVNDB-2013-003326
db: CNNVD, id: CNNVD-201307-213
db: NVD, id: CVE-2013-1132

LAST UPDATE DATE

2025-04-11T23:04:05.510000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-61134, date: 2013-07-11T00:00:00
db: BID, id: 61100, date: 2013-07-12T19:55:00
db: JVNDB, id: JVNDB-2013-003326, date: 2013-07-12T00:00:00
db: CNNVD, id: CNNVD-201307-213, date: 2013-07-17T00:00:00
db: NVD, id: CVE-2013-1132, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-61134, date: 2013-07-10T00:00:00
db: BID, id: 61100, date: 2013-07-10T00:00:00
db: JVNDB, id: JVNDB-2013-003326, date: 2013-07-12T00:00:00
db: CNNVD, id: CNNVD-201307-213, date: 2013-07-17T00:00:00
db: NVD, id: CVE-2013-1132, date: 2013-07-10T21:55:00.907