var-201309-0450
Vulnerability from variot
Cisco Prime LAN Management Solution (LMS) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCug77823. This is a cross-frame scripting (XFS) Vulnerability related to the problem. Vendors have confirmed this vulnerability Bug ID CSCtk77823 It is released as.Skillfully crafted by a third party Web A clickjacking attack may be performed through the site, and other attacks may be performed. Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible. The solution configures, manages, monitors and maintains the network
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201309-0450",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prime lan management solution",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "prime lan management solution",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "4.2.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004109"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-192"
},
{
"db": "NVD",
"id": "CVE-2013-5482"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:prime_lan_management_solution",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004109"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "62366"
}
],
"trust": 0.3
},
"cve": "CVE-2013-5482",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-5482",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-65484",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-5482",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-5482",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-192",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-65484",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65484"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004109"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-192"
},
{
"db": "NVD",
"id": "CVE-2013-5482"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Prime LAN Management Solution (LMS) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCug77823. This is a cross-frame scripting (XFS) Vulnerability related to the problem. Vendors have confirmed this vulnerability Bug ID CSCtk77823 It is released as.Skillfully crafted by a third party Web A clickjacking attack may be performed through the site, and other attacks may be performed. \nSuccessful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible. The solution configures, manages, monitors and maintains the network",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5482"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004109"
},
{
"db": "BID",
"id": "62366"
},
{
"db": "VULHUB",
"id": "VHN-65484"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5482",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004109",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201309-192",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20130912 CISCO PRIME LAN MANAGEMENT SOLUTION CROSS-FRAME SCRIPTING VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "62366",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-65484",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65484"
},
{
"db": "BID",
"id": "62366"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004109"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-192"
},
{
"db": "NVD",
"id": "CVE-2013-5482"
}
]
},
"id": "VAR-201309-0450",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-65484"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:02:21.493000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Prime LAN Management Solution Cross-Frame Scripting Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5482"
},
{
"title": "30769",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30769"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004109"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65484"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004109"
},
{
"db": "NVD",
"id": "CVE-2013-5482"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5482"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5482"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5482"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/ps11200/index.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65484"
},
{
"db": "BID",
"id": "62366"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004109"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-192"
},
{
"db": "NVD",
"id": "CVE-2013-5482"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-65484"
},
{
"db": "BID",
"id": "62366"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004109"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-192"
},
{
"db": "NVD",
"id": "CVE-2013-5482"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-13T00:00:00",
"db": "VULHUB",
"id": "VHN-65484"
},
{
"date": "2013-09-12T00:00:00",
"db": "BID",
"id": "62366"
},
{
"date": "2013-09-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004109"
},
{
"date": "2013-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-192"
},
{
"date": "2013-09-13T14:10:27.317000",
"db": "NVD",
"id": "CVE-2013-5482"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-13T00:00:00",
"db": "VULHUB",
"id": "VHN-65484"
},
{
"date": "2013-09-12T00:00:00",
"db": "BID",
"id": "62366"
},
{
"date": "2013-09-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004109"
},
{
"date": "2013-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-192"
},
{
"date": "2024-11-21T01:57:33.880000",
"db": "NVD",
"id": "CVE-2013-5482"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-192"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Prime LAN Management Solution Vulnerable to clickjacking",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004109"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-192"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…