CVE-2013-3440

Cisco Unified Operations Manager - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.

References (5)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440

[Vendor Advisory] http://tools.cisco.com/security/center/viewAlert.x?alertId=30175

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/61414

[Third Party Advisory, VDB Entry] http://osvdb.org/95584

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1028819

Scores

EPSS 0.0036

EPSS Percentile 57.6%

Details

CWE

CWE-79

Status published

Products (2)

cisco/unified_operations_manager

n/a/n/a

Published Jul 23, 2013

Tracked Since Feb 18, 2026