Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Watch4Net | <= 6.5 |
| Emc | Vipr Srm | <= 3.6.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.htmlBroken Link
- http://www.securityfocus.com/bid/72259Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1031567
- http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.htmlBroken Link
- http://www.securityfocus.com/bid/72259Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1031567
FAQ
What is CVE-2015-0513?
CVE-2015-0513 is a vulnerability with a CVSS score of 3.5 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject ar...
How severe is CVE-2015-0513?
CVE-2015-0513 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0513?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Watch4Net, Emc Vipr Srm.