ID CVE-2013-6960 Type cve Reporter NVD Modified 2017-11-28T21:29:06
Description
Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248.
{"result": {"seebug": [{"id": "SSV:61177", "type": "seebug", "title": "Cisco WebEx Meeting Center\u591a\u4e2a\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e", "description": "Bugtraq ID:64273\r\nCVE ID:CVE-2013-6960\r\n\r\nCisco WebEx\u662f\u4e00\u6b3e\u7f51\u7edc\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco WebEx Meeting Center\u5b58\u5728\u591a\u4e2a\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fURI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u8005\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002\n0\nCisco WebEx Meeting Center\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nCisco\r\n-----\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\n\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6960", "published": "2013-12-18T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-61177", "cvelist": ["CVE-2013-6960"], "lastseen": "2017-11-19T17:39:33"}], "cisco": [{"id": "CISCO-SA-20131213-CVE-2013-6960", "type": "cisco", "title": "Cisco WebEx Multiple Cross-Site Scripting Vulnerabilities ", "description": "Multiple vulnerabilities in Cisco WebEx Business Suite could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.\n\nThe vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by convincing a user to click a crafted URL.\n\nCisco has confirmed the vulnerability in a security notice; however, software updates are not available.\n\nTo exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.\n\nCisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.", "published": "2013-12-13T18:58:33", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20131213-CVE-2013-6960", "cvelist": ["CVE-2013-6960"], "lastseen": "2017-09-26T15:33:57"}]}}