Cross-Site Scripting Vulnerabilities in Cisco MediaSense
CVE-2013-5500

Currently unrated

Key Information:

Vendor: Cisco
Status: Mediasense
Vendor: CVE Published:; 20 September 2013

Summary

Cisco MediaSense contains multiple cross-site scripting (XSS) vulnerabilities within the oraadmin service page. These vulnerabilities allow remote attackers to inject arbitrary scripts into web pages that are viewed by other users. Exploiting these vulnerabilities can enable attackers to execute malicious scripts that may lead to unauthorized actions or data exfiltration. The vulnerabilities stem from insufficient validation of user-supplied input in various parameters, specifically identified in Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1029064

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/62575

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Sep 20, 2013
Vulnerability Reserved
Aug 22, 2013