CVE-2013-5376

2013-10-1700:55:03

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

47.3%

JSON

Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a “cross frame scripting” attack against an administrative user.

Affected configurations

Nvd

Node

ibmstorwize_v7000_unified_softwareMatch1.3.0.0

ibmstorwize_v7000_unified_softwareMatch1.3.2.0

ibmstorwize_v7000_unified_softwareMatch1.3.2.3

ibmstorwize_v7000_unified_softwareMatch1.4.0.0

ibmstorwize_v7000_unified_softwareMatch1.4.0.4

ibmstorwize_v7000_unified_softwareMatch1.4.1.0

ibmstorwize_v7000_unified_softwareMatch1.4.1.1

AND

ibmstorwize_v7000_unifiedMatch-

VendorProductVersionCPE
ibmstorwize_v7000_unified_software1.3.0.0cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.0.0:*:*:*:*:*:*:*
ibmstorwize_v7000_unified_software1.3.2.0cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.2.0:*:*:*:*:*:*:*
ibmstorwize_v7000_unified_software1.3.2.3cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.2.3:*:*:*:*:*:*:*
ibmstorwize_v7000_unified_software1.4.0.0cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.0.0:*:*:*:*:*:*:*
ibmstorwize_v7000_unified_software1.4.0.4cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.0.4:*:*:*:*:*:*:*
ibmstorwize_v7000_unified_software1.4.1.0cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.1.0:*:*:*:*:*:*:*
ibmstorwize_v7000_unified_software1.4.1.1cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.1.1:*:*:*:*:*:*:*
ibmstorwize_v7000_unified-cpe:2.3:h:ibm:storwize_v7000_unified:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	storwize_v7000_unified_software	1.3.0.0	cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.0.0:::::::*
ibm	storwize_v7000_unified_software	1.3.2.0	cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.2.0:::::::*
ibm	storwize_v7000_unified_software	1.3.2.3	cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.2.3:::::::*
ibm	storwize_v7000_unified_software	1.4.0.0	cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.0.0:::::::*
ibm	storwize_v7000_unified_software	1.4.0.4	cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.0.4:::::::*
ibm	storwize_v7000_unified_software	1.4.1.0	cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.1.0:::::::*
ibm	storwize_v7000_unified_software	1.4.1.1	cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.1.1:::::::*
ibm	storwize_v7000_unified	-	cpe:2.3:h:ibm:storwize_v7000_unified:-:::::::*