ID

VAR-201602-0046


CVE

CVE-2016-1305


TITLE

Cisco Application Policy Infrastructure Controller Enterprise Module cross-site scripting vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2016-001492 // CNNVD: CNNVD-201602-046

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511. The vendor has published this vulnerability as Bug ID CSCux15511. A third party may be able to inject web script or HTML because of an issue involving HTML entities. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCux15511.

Trust: 2.52

sources: NVD: CVE-2016-1305 // JVNDB: JVNDB-2016-001492 // CNVD: CNVD-2016-00881 // BID: 82318 // VULHUB: VHN-90124

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00881

AFFECTED PRODUCTS

vendor: cisco, model: application policy infrastructure controller enterprise module, scope: eq, version: 1.1

Trust: 1.7

vendor: cisco, model: application policy infrastructure controller enterprise module, scope: eq, version: 1.1_base

Trust: 1.6

sources: CNVD: CNVD-2016-00881 // BID: 82318 // JVNDB: JVNDB-2016-001492 // CNNVD: CNNVD-201602-046 // NVD: CVE-2016-1305

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1305
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1305
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-00881
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201602-046
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90124
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1305
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-00881
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90124
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1305
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2016-00881 // VULHUB: VHN-90124 // JVNDB: JVNDB-2016-001492 // CNNVD: CNNVD-201602-046 // NVD: CVE-2016-1305

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-90124 // JVNDB: JVNDB-2016-001492 // NVD: CVE-2016-1305

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-046

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201602-046

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001492

PATCH

title: cisco-sa-20160201-apic-em, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em

Trust: 0.8

title: Patch for Cisco Application Policy Infrastructure Controller Cross-Site Scripting Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/71291

Trust: 0.6

title: Cisco Application Policy Infrastructure Controller Enterprise Module Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60050

Trust: 0.6

sources: CNVD: CNVD-2016-00881 // JVNDB: JVNDB-2016-001492 // CNNVD: CNNVD-201602-046

EXTERNAL IDS

db: NVD, id: CVE-2016-1305

Trust: 3.4

db: BID, id: 82318

Trust: 1.6

db: SECTRACK, id: 1034902

Trust: 1.1

db: JVNDB, id: JVNDB-2016-001492

Trust: 0.8

db: CNNVD, id: CNNVD-201602-046

Trust: 0.7

db: CNVD, id: CNVD-2016-00881

Trust: 0.6

db: VULHUB, id: VHN-90124

Trust: 0.1

sources: CNVD: CNVD-2016-00881 // VULHUB: VHN-90124 // BID: 82318 // JVNDB: JVNDB-2016-001492 // CNNVD: CNNVD-201602-046 // NVD: CVE-2016-1305

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160201-apic-em

Trust: 2.0

url:http://www.securityfocus.com/bid/82318

Trust: 1.2

url:http://www.securitytracker.com/id/1034902

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1305

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1305

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2016-00881 // VULHUB: VHN-90124 // BID: 82318 // JVNDB: JVNDB-2016-001492 // CNNVD: CNNVD-201602-046 // NVD: CVE-2016-1305

CREDITS

Cisco

Trust: 0.9

sources: BID: 82318 // CNNVD: CNNVD-201602-046

SOURCES

db: CNVD, id: CNVD-2016-00881
db: VULHUB, id: VHN-90124
db: BID, id: 82318
db: JVNDB, id: JVNDB-2016-001492
db: CNNVD, id: CNNVD-201602-046
db: NVD, id: CVE-2016-1305

LAST UPDATE DATE

2025-04-12T23:12:57.975000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-00881, date: 2016-02-15T00:00:00
db: VULHUB, id: VHN-90124, date: 2016-12-06T00:00:00
db: BID, id: 82318, date: 2016-02-01T00:00:00
db: JVNDB, id: JVNDB-2016-001492, date: 2016-02-25T00:00:00
db: CNNVD, id: CNNVD-201602-046, date: 2016-02-15T00:00:00
db: NVD, id: CVE-2016-1305, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-00881, date: 2016-02-15T00:00:00
db: VULHUB, id: VHN-90124, date: 2016-02-07T00:00:00
db: BID, id: 82318, date: 2016-02-01T00:00:00
db: JVNDB, id: JVNDB-2016-001492, date: 2016-02-25T00:00:00
db: CNNVD, id: CNNVD-201602-046, date: 2016-02-03T00:00:00
db: NVD, id: CVE-2016-1305, date: 2016-02-07T11:59:02.880