ESA-2014-015: RSA® Authentication Manager Cross Frame Scripting Vulnerability

ESA-2014-015.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-015: RSA® Authentication Manager Cross Frame Scripting Vulnerability EMC Identifier: ESA-2014-015 CVE Identifier: CVE-2014-0623 Severity Rating: CVSS v2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Affected Products: RSA...

EMC RSA Authentication Manager crossframe scripting

Self-Service Console cross frame scripting...

Cross site scripting

Cross-site scripting XSS vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross-frame scripting" issue...

CVE-2013-6327

Cross-site scripting XSS vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross-frame scripting" issue...

CVE-2013-6698

The web interface on Cisco Wireless LAN Controller WLC devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting XFS" issue, aka Bu...

CVE-2013-6698

CVE-2013-6698 concerns the web interface of Cisco Wireless LAN Controller (WLC). The vulnerability stems from insufficient restrictions on iframe usage, enabling cross-frame scripting (XFS) and clickjacking-like attacks via a crafted page. Affected component is the WLC web UI; root cause is inade...

Cisco Wireless LAN Controller Cross-Frame Scripting Vulnerability

A vulnerability in the web interface of the Cisco Wireless LAN Controller WLC could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...

CVE-2013-6344

The ZCC page in Novell ZENworks Configuration Management ZCM before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors...

Cross site scripting

The ZCC page in Novell ZENworks Configuration Management ZCM before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors...

CVE-2013-6344

The ZCC page in Novell ZENworks Configuration Management ZCM before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors...

CVE-2013-6344

CVE-2013-6344 affects the ZCC page in Novell ZENworks Configuration Management (ZCM) prior to version 11.2.4. The issue is described as a cross-frame scripting vulnerability with unknown vectors, enabling attackers to perform cross-frame scripting attacks. The connected records confirm this is ti...

Novell ZENworks Configuration Management < 11.2.4 Multiple Vulnerabilities

The version of Novell ZENworks Configuration Management installed on the remote host can be tricked into disclosing any file readable by the Novell ZENworks umaninv service, and as such it is affected by multiple vulnerabilities : - A directory traversal vulnerability exists that allows any file...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user...

CVE-2013-5523

The Sponsor Portal in Cisco Identity Services Engine ISE 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting XFS"...

CVE-2013-5523

The Sponsor Portal in Cisco Identity Services Engine ISE 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting XFS"...

Cisco Identity Services Engine Sponsor Portal Cross-Frame Scripting Vulnerability

A vulnerability in the Sponsor Portal of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...

Cisco Prime LAN Management Solution Cross-Frame Scripting

The version of Cisco Prime LAN Management Solution installed on the remote host is affected by a cross-frame scripting vulnerability due to insufficient filtering of user-supplied input. An attacker could leverage this to direct a user to an attacker controlled page and conduct clickjacking or...

CVE-2013-5482

Cisco Prime LAN Management Solution LMS does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting XFS" issue, aka Bug ID CSCug77823...

Cross site scripting

Cisco Prime LAN Management Solution LMS does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting XFS" issue, aka Bug ID CSCug77823...

Cisco Prime LAN Management Solution Cross-Frame Scripting Vulnerability

A vulnerability in Cisco Prime LAN Management Solution could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an...