CVE-2013-3440

Published: Jul 23, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.

Affected (1)

Products: Cisco: Unified Operations Manager

1 product

Unified Operations Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Operations Manager	All versions

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (10)

http://osvdb.org/95584

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=30175

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/61414

Source: psirt@cisco.com

http://www.securitytracker.com/id/1028819

Source: psirt@cisco.com

http://osvdb.org/95584

Source: af854a3a-2127-422b-91ae-364da2661108

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3440

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=30175

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/61414

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1028819

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.