CiscoCISCO-SA-20131203-CVE-2013-6690Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
52.2%
A vulnerability in the Assurance component of Cisco Prime Collaboration
could allow an unauthenticated, remote attacker to conduct several cross-site scripting (XSS) attacks against the user of the web interface
of the affected system.
The vulnerability is due to insufficient
validation of user input. An attacker could exploit this vulnerability
by persuading a user to follow a malicious link or access an
attacker-controlled website. An exploit could allow the attacker to
execute arbitrary client-side code in the browser of the unsuspecting
user in the security context of the website, which could allow the
attacker to obtain the user’s access credentials.
Cisco has confirmed the vulnerability and released software updates.
To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| cisco prime collaboration | eq | any | |
| cisco prime collaboration | eq | any |
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
52.2%