Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormGlafkos CharalambousPACKETSTORM:130527
HistoryFeb 25, 2015 - 12:00 a.m.

Cisco Ironport AsyncOS Cross Site Scripting

2015-02-2500:00:00
Glafkos Charalambous
packetstormsecurity.com
14

0.002 Low

EPSS

Percentile

62.5%

JSON
`Cisco Ironport AsyncOS Cross Site Scripting  
Vendor: Cisco  
Product webpage: http://www.cisco.com  
Affected version(s):   
Cisco Ironport ESA - AsyncOS 8.0.1-023  
Cisco Ironport WSA - AsyncOS 8.5.5-022  
Cisco Ironport SMA - AsyncOS 8.4.0-126  
Date: 24/02/2015  
Credits: Glafkos Charalambous  
CVE: CVE-2013-6780  
  
Disclosure Timeline:  
28-10-2014: Vendor Notification  
28-10-2014: Vendor Response/Feedback  
22-01-2015: Vendor Fix/Patch  
24-02-2015: Public Disclosure  
  
Description:  
Cisco AsyncOS is vulnerable to unauthenticated Cross-site scripting (XSS), caused by improper validation  
of user supplied input in the (uploader.swf) Uploader component in Yahoo! versions 2.5.0 through 2.9.0.  
  
An attacker is able to inject arbitrary web script or HTML via the allowedDomain parameter.  
  
  
XSS Payload:  
http(s)://domain.com/yui/uploader/assets/uploader.swf?allowedDomain=\"})))}catch(e){alert('XSS');}//  
  
  
References:  
https://tools.cisco.com/bugsearch/bug/CSCur44409  
https://tools.cisco.com/bugsearch/bug/CSCur89626  
https://tools.cisco.com/bugsearch/bug/CSCur89624  
http://yuilibrary.com/support/20131111-vulnerability/  
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6780  
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6780  
  
  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v2.0.22 (MingW32)   
  
mQENBFE6TCMBCADQKVLT3xkJDQpUE6M3akJdFRWgFEy2pwoDbnOGDhw6yQYObDEuUlixRV5u  
xaIwzh9xPSS36B72bhQC3isHuqDu3xVhx9OX7XlLheXDZJdRbNIXQ3YPk1uYQizuoIpHq08x  
Eq4V2CXq7ovZPhWI6+iJt6QkVYvZXJdyoTKT8bLaFSOEfLeyAgkCQdXOgnzmNWeedxp0xGAj  
KL7qIhLETp/MK46ndo5hF8RIbVs59gWdu4GxXr96qViJLiAYO1dQNLc+LShMnue91neTjLoe  
JkpgqLfEGKV459eCJNqxlylIVbxyTmigExftZKAdNFHat0txK0fB/bLOwRnNFqYWQxanABEB  
AAG0KEdsYWZrb3MgQ2hhcmFsYW1ib3VzIDxnbGFma29zQGdtYWlsLmNvbT6JATgEEwECACIF  
AlE6TCMCGw8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEHAhLSD814yOAcoIALO6d2AQ  
M0l9KD9hPIody4VYOgY8stBrumI+t8njzJOYCCLdzB781vCAa0vINPFuFxGp2e8EfMfvf8+Z  
S6kC8EOQ6XyC8eq6imc1Q+tFMwTgykJZPFdosfXjBwg9jos/CR4dI6RZuzGC/FdXjpTAypbE  
n3m2a+DBb6CUPeB9nVQq6ukRGbuZ8S+veWRNFwKkTSwC0HKtf9Od+JBrLKesNa3LWLo8q7+d  
V3VS8rf8cmOOGBuaITzj87iRpgAgkF3MATa1Vb2nbbdYMpvHbzoj62mSqRiyEp1SOY9XkgcL  
2ORsjgjww7GpH3F8LFvaHSHVz+037+E/+i/OSTS7o6gY4eI=  
=yiro  
-----END PGP SIGNATURE-----  
  
`

Related

ubuntucve 1
prion 1
cve 1
cvelist 1
nessus 3
fedora 3
openvas 4
ubuntucve
ubuntucve
CVE-2013-6780
2013-11-13 00:00:00
prion
prion
Cross site scripting
2013-11-13 15:55:00
cve
cve
CVE-2013-6780
2013-11-13 15:55:00
cvelist
cvelist
CVE-2013-6780
2013-11-13 15:00:00
nessus
nessus
Fedora 19 : moodle-2.4.7-1.fc19 (2013-21397)
2013-11-25 00:00:00
Fedora 20 : moodle-2.5.3-1.fc20 (2013-21312)
2013-11-25 00:00:00
Fedora 18 : moodle-2.3.10-1.fc18 (2013-21354)
2013-11-25 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: moodle-2.5.3-1.fc20
2013-11-24 03:29:31
[SECURITY] Fedora 18 Update: moodle-2.3.10-1.fc18
2013-11-23 19:35:25
[SECURITY] Fedora 19 Update: moodle-2.4.7-1.fc19
2013-11-23 19:49:20
openvas
openvas
Fedora Update for moodle FEDORA-2013-21397
2013-11-26 00:00:00
Fedora Update for moodle FEDORA-2013-21354
2013-11-26 00:00:00
Fedora Update for moodle FEDORA-2013-21397
2013-11-26 00:00:00

0.002 Low

EPSS

Percentile

62.5%

JSON
Related for PACKETSTORM:130527
ubuntucve1prion1cve1cvelist1nessus3fedora3openvas4