Lucene search

K
ciscoCiscoCISCO-SA-20131213-CVE-2013-6711
HistoryDec 13, 2013 - 7:08 p.m.

Cisco WebEx Sales Center Reflected Cross-Site Scripting Vulnerability

2013-12-1319:08:23
tools.cisco.com
12
cisco
webex
sales center
xss
vulnerability
administrative
product creation
unauthenticated
remote attacker
malicious site
exploit code

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.001

Percentile

48.7%

A vulnerability in the administrative page for creating a new product in Cisco WebEx Sales Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.

The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by convincing a user to click a crafted URL.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Affected configurations

Vulners
Node
ciscowebex_sales_centerMatchany
OR
ciscowebex_sales_centerMatchany
VendorProductVersionCPE
ciscowebex_sales_centeranycpe:2.3:a:cisco:webex_sales_center:any:*:*:*:*:*:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.001

Percentile

48.7%

Related for CISCO-SA-20131213-CVE-2013-6711