CVE-2013-5500
Summary
| CVE | CVE-2013-5500 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-09-20 16:55:00 UTC |
| Updated | 2013-10-02 19:43:00 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Mediasense | - | All | All | All |
| Application | Cisco | Mediasense | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco MediaSense Input Validation Flaws in oraadmin Service Page Permit Cross-Site Scripting Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| 20130919 Multiple Cisco MediaSense oraadmin Cross-Site Scripting Vulnerabilities | CISCO | tools.cisco.com | Vendor Advisory |
| Cisco MediaSense CVE-2013-5500 Multiple Cross Site Scripting Vulnerabilities | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.