| Vulnerability Name: | CVE-2013-5505 (CCN-87530) | ||||||||
| Assigned: | 2013-09-27 | ||||||||
| Published: | 2013-09-27 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2013-5505 Source: OSVDB Type: UNKNOWN 97875 Source: CCN Type: SA54626 Cisco Identity Services Engine (ISE) Administration Interface Cross-Site Scripting Vulnerability Source: SECUNIA Type: Vendor Advisory 54626 Source: CCN Type: Cisco Security Notice Cisco Identity Services Engine Administration Interface Cross-Site Scripting Vulnerability Source: CISCO Type: Vendor Advisory 20130927 Cisco Identity Services Engine Administration Interface Cross-Site Scripting Vulnerability Source: CONFIRM Type: Vendor Advisory http://tools.cisco.com/security/center/viewAlert.x?alertId=31008 Source: CCN Type: OSVDB ID: 97875 Cisco Identity Services Engine (ISE) Unspecified Reflected XSS Source: BID Type: UNKNOWN 62693 Source: CCN Type: BID-62693 Cisco Identity Services Engine CVE-2013-5505 Cross Site Scripting Vulnerability Source: SECTRACK Type: UNKNOWN 1029111 Source: XF Type: UNKNOWN cisco-ise-cve20135505-xss(87530) Source: XF Type: UNKNOWN cisco-ise-cve20135505-xss(87530) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||