Vulnerability Description
Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Identity Services Engine Software | <= 1.2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/98166
- http://secunia.com/advisories/55067
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=31159Vendor Advisory
- http://www.securityfocus.com/bid/62870Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1029155Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87722
- http://osvdb.org/98166
- http://secunia.com/advisories/55067
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=31159Vendor Advisory
- http://www.securityfocus.com/bid/62870Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1029155Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87722
FAQ
What is CVE-2013-5524?
CVE-2013-5524 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspe...
How severe is CVE-2013-5524?
CVE-2013-5524 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5524?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Identity Services Engine Software.