Lucene search

[email protected]CVE-2013-2270

HistoryMar 09, 2014 - 1:16 p.m.

CVE-2013-2270

2014-03-0913:16:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-2270

cross-site scripting

xss

airvana

hubbub

c1-600-rt

sprint

airave 2.5

administration page

vulnerability

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.0%

JSON

Cross-site scripting (XSS) vulnerability in the administration page in Airvana HubBub C1-600-RT and Sprint AIRAVE 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
airvana:hubbub_c1-600-rtairvana hubbub c1-600-rteq-
sprint:airave_softwaresprint airave softwareeq2.5
sprint:airavesprint airaveeq-

CPE	Name	Operator	Version
airvana:hubbub_c1-600-rt	airvana hubbub c1-600-rt	eq	-
sprint:airave_software	sprint airave software	eq	2.5
sprint:airave	sprint airave	eq	-

References

archives.neohapsis.com/archives/bugtraq/2013-02/0155.html

osvdb.org/90732

packetstormsecurity.com/files/120594/Airvana-HubBub-C1-600-RT-Cross-Site-Scripting.html

www.securityfocus.com/bid/58194

exchange.xforce.ibmcloud.com/vulnerabilities/82494

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.0%

JSON

Related for CVE-2013-2270

prion1 securityvulns2