Skip to main content

Unified Communications Domain Manager CVE-2013-1132

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2013-07-10 psirt@cisco.com
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 10, 2013 - 21:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) IptAccountMgmt, (2) IptFeatureConfigTemplateMgmt, (3) IptFeatureDisplayPolicyMgmt, or (4) IptProviderMgmt page, aka Bug IDs CSCud69972, CSCud70193, and CSCud70261.

AnalysisAI

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) IptAccountMgmt, (2) IptFeatureConfigTemplateMgmt, (3) IptFeatureDisplayPolicyMgmt, or (4) IptProviderMgmt page, aka Bug IDs CSCud69972, CSCud70193, and CSCud70261. Affected products include: Cisco Unified Communications Domain Manager.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2014-3300 HIGH POC
7.5 Jul 07

The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application

CVE-2014-2198 CRITICAL
10.0 Jul 07

Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH priv

CVE-2018-0124 CRITICAL
9.8 Feb 22

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass

CVE-2014-2197 CRITICAL
9.0 Jul 07

The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Applicat

CVE-2018-0364 HIGH
8.8 Jun 21

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unau

CVE-2014-3337 MEDIUM
6.8 Aug 12

The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated user

CVE-2013-3418 MEDIUM
6.8 Jul 11

Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows re

CVE-2015-0588 MEDIUM
6.8 Jan 15

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote a

CVE-2015-0682 MEDIUM
6.5 Apr 03

Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiti

CVE-2014-8010 MEDIUM
6.5 Dec 10

The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute

CVE-2014-3339 MEDIUM
6.5 Aug 12

Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM)

CVE-2015-0684 MEDIUM
6.5 Apr 03

SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allo

Share

CVE-2013-1132 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy