CVE-2013-5495

{"id": "CVE-2013-5495", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-09-16T13:02:35.737", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5495", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1029038", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the web framework in the Application Server in Cisco Unified MeetingPlace allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui44681."}, {"lang": "es", "value": "Vulnerabilidad Cross-site scripting (XSS) en el framework del servidor de aplicaciones de Cisco Unified MeetingPlace permite a atacantes remotos inyectar scripts web arbitrarios o c\u00f3digo HTML a trav\u00e9s de un un par\u00e1metro sin especificar , tambi\u00e9n conocido como Bug ID CSCui44681."}], "lastModified": "2013-10-11T14:35:47.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_meetingplace:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "713CDBB9-F841-455A-B173-7B239DF087D1"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}