Details of VAR-201312-0235

ID

VAR-201312-0235

CVE

CVE-2013-6690

TITLE

Cisco Prime Collaboration of Assurance Component Web Interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-005341

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCui92643, CSCui94038, and CSCui94161. Vendors have confirmed this vulnerability Bug ID CSCui92643 , CSCui94038 ,and CSCui94161 It is released as.By any third party Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCui92643, CSCui94038, and CSCui94161. Cisco Prime Collaboration is a set of enterprise collaboration network management solutions from Cisco. This solution supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites. The vulnerability stems from the fact that the page does not adequately sanitize user input. A remote attacker can exploit this vulnerability to inject arbitrary code or HTML, and obtain the user's access credentials

Trust: 1.98

sources: NVD: CVE-2013-6690 // JVNDB: JVNDB-2013-005341 // BID: 64060 // VULHUB: VHN-66692

AFFECTED PRODUCTS

vendor:	cisco	model:	prime collaboration	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	prime collaboration	scope:	eq	version:	9.0	Trust: 1.1

sources: BID: 64060 // JVNDB: JVNDB-2013-005341 // CNNVD: CNNVD-201312-048 // NVD: CVE-2013-6690

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6690
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6690
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201312-048
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66692
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6690
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66692
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66692 // JVNDB: JVNDB-2013-005341 // CNNVD: CNNVD-201312-048 // NVD: CVE-2013-6690

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-66692 // JVNDB: JVNDB-2013-005341 // NVD: CVE-2013-6690

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-048

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201312-048

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005341

PATCH

title:	Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6690	Trust: 0.8
title:	31998	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31998	Trust: 0.8

sources: JVNDB: JVNDB-2013-005341

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6690	Trust: 2.8
db:	SECUNIA	id:	55954	Trust: 1.1
db:	SECTRACK	id:	1029425	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-005341	Trust: 0.8
db:	CNNVD	id:	CNNVD-201312-048	Trust: 0.7
db:	CISCO	id:	20131203 CISCO PRIME COLLABORATION ASSURANCE CROSS-SITE SCRIPTING VULNERABILITY	Trust: 0.6
db:	BID	id:	64060	Trust: 0.4
db:	VULHUB	id:	VHN-66692	Trust: 0.1

sources: VULHUB: VHN-66692 // BID: 64060 // JVNDB: JVNDB-2013-005341 // CNNVD: CNNVD-201312-048 // NVD: CVE-2013-6690

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6690	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=31998	Trust: 1.4
url:	http://www.securitytracker.com/id/1029425	Trust: 1.1
url:	http://secunia.com/advisories/55954	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6690	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6690	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps12363/index.html	Trust: 0.3

sources: VULHUB: VHN-66692 // BID: 64060 // JVNDB: JVNDB-2013-005341 // CNNVD: CNNVD-201312-048 // NVD: CVE-2013-6690

CREDITS

Cisco

Trust: 0.3

sources: BID: 64060

SOURCES

db:	VULHUB	id:	VHN-66692
db:	BID	id:	64060
db:	JVNDB	id:	JVNDB-2013-005341
db:	CNNVD	id:	CNNVD-201312-048
db:	NVD	id:	CVE-2013-6690

LAST UPDATE DATE

2025-04-11T22:55:50.206000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66692	date:	2016-09-15T00:00:00
db:	BID	id:	64060	date:	2013-12-03T00:00:00
db:	JVNDB	id:	JVNDB-2013-005341	date:	2013-12-04T00:00:00
db:	CNNVD	id:	CNNVD-201312-048	date:	2013-12-05T00:00:00
db:	NVD	id:	CVE-2013-6690	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66692	date:	2013-12-03T00:00:00
db:	BID	id:	64060	date:	2013-12-03T00:00:00
db:	JVNDB	id:	JVNDB-2013-005341	date:	2013-12-04T00:00:00
db:	CNNVD	id:	CNNVD-201312-048	date:	2013-12-05T00:00:00
db:	NVD	id:	CVE-2013-6690	date:	2013-12-03T19:56:32.203