CVE-2013-0936

Published: Mar 28, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in EMC Smarts IP Manager, Smarts Service Assurance Manager, Smarts Server Manager, Smarts VoIP Availability Manager, Smarts Network Protocol Manager, and Smarts MPLS Manager before 9.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Affected (6)

Products: Emc: Smarts Ip Manager, Smarts Mpls Manager, Smarts Network Protocol Manager, Smarts Server Manager, Smarts Services Assurance Manager, Smarts Voip Availability Manager

Emc

6 products

Smarts Ip Manager

Smarts Mpls Manager

Smarts Network Protocol Manager

Smarts Server Manager

Smarts Services Assurance Manager

Smarts Voip Availability Manager

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Emc Smarts Ip Manager	Version 9.1
Emc Smarts Mpls Manager	Version 9.1
Emc Smarts Network Protocol Manager	Version 9.1
Emc Smarts Server Manager	Version 9.1
Emc Smarts Services Assurance Manager	Version 9.1
Emc Smarts Voip Availability Manager	Version 9.1

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

http://archives.neohapsis.com/archives/bugtraq/2013-03/0152.html

Source: security_alert@emc.com

http://archives.neohapsis.com/archives/bugtraq/2013-03/0152.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.