CVE-2013-3396

{"id": "CVE-2013-3396", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-06-26T21:55:01.873", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3396", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/60829", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the web framework in Cisco Content Security Management on Security Management Appliance (SMA) devices allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh24749."}, {"lang": "es", "value": "Vulnerabilidad XSS en Cisco Content Security Management sobre dispositivos Security Management Appliance (SMA), permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de un par\u00e1metro sin especificar. Aka Bug ID CSCuh24749."}], "lastModified": "2015-10-16T15:06:38.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60635EC8-9AFA-400D-A919-66E60CDEF852"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}