Skip to main content

System Center Operations Manager CVE-2013-0009

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2013-01-09 secure@microsoft.com
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 09, 2013 - 18:09 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.

AnalysisAI

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.9% and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010. Affected products include: Microsoft System Center Operations Manager.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2021-38647 CRITICAL POC
9.8 Sep 15

Open Management Infrastructure Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerabili

CVE-2021-38648 HIGH POC
7.8 Sep 15

Open Management Infrastructure Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability

CVE-2024-21334 CRITICAL
9.8 Mar 12

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulne

CVE-2013-0010 MEDIUM
4.3 Jan 09

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote att

CVE-2026-20967 HIGH
8.8 Mar 10

Privilege escalation in System Center Operations Manager via improper input validation enables authenticated network-bas

CVE-2021-1728 HIGH
8.8 Feb 25

System Center Operations Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerabilit

CVE-2025-27743 HIGH
7.8 Apr 08

Untrusted search path in System Center allows an authorized attacker to elevate privileges locally. Rated high severity

CVE-2024-21330 HIGH
7.8 Mar 12

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerab

CVE-2022-33640 HIGH
7.8 Aug 09

System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. Rated high

CVE-2022-29149 HIGH
7.8 Jun 15

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerab

CVE-2021-38645 HIGH
7.8 Sep 15

Open Management Infrastructure Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability

CVE-2021-41352 HIGH
7.5 Oct 13

SCOM Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, n

Share

CVE-2013-0009 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy