Cross-Site Scripting Vulnerability in Cisco Unified Operations Manager
CVE-2013-3439

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Operations Manager
Vendor: CVE Published:; 23 July 2013

Summary

A cross-site scripting (XSS) vulnerability exists in the Cisco Unified Operations Manager, enabling attackers to inject arbitrary web scripts or HTML. This can be executed via a specially crafted URL in an unspecified HTTP header field. Exploitation of this vulnerability may allow unauthorized actions to be performed within the context of the user's session. It is important for users of Cisco Unified Operations Manager to implement security patches and review security protocols to safeguard against potential exploitation.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/61416

vdb-entryx_refsource_BID

http://osvdb.org/95585

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Jul 23, 2013
Vulnerability Reserved
May 6, 2013