2 matches found
CVE-2013-5563
CVE-2013-5563 is a cross-site scripting (XSS) vulnerability in Cisco Security Monitoring, Analysis and Response System (CS-MARS). The issue arises because input passed to Query/NewQueryResult.jsp (notably the isnowLatency parameter) is not properly sanitized, allowing an attacker to inject arbitr...
CVE-2013-1140
The vulnerability CVE-2013-1140 affects Cisco’s Security Monitoring, Analysis, and Response System (MARS). It stems from improper handling of XML External Entity (XXE) in the XML parser, allowing unauthenticated, remote attackers to read arbitrary files via an external entity declaration and an e...