Cross-Site Scripting Flaw in Cisco Security Monitoring System
CVE-2013-5563

Currently unrated

Key Information:

Vendor
Cisco
Status
Security Monitoring Analysis And Response System
Vendor
CVE Published:
6 November 2013

Summary

A cross-site scripting (XSS) vulnerability exists within the Query/NewQueryResult.jsp file of Cisco Security Monitoring, Analysis and Response System (CS-MARS). This flaw allows remote attackers to inject arbitrary web scripts or HTML code by manipulating the isnowLatency parameter. Exploitation of this vulnerability could lead to unauthorized script execution in the context of users accessing the platform, potentially compromising sensitive data and enabling further attacks.

References

http://archives.neohapsis.com/archives/bugtraq/2013-11/00...
mailing-listx_refsource_BUGTRAQ
http://research.smartnetsecurity.net/advisory/-smt-sa-201...
x_refsource_MISC

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.