CVE-2013-3440: XSS
First published: Tue Jul 23 2013(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Operations Manager |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-3440?
CVE-2013-3440 is classified as a medium severity vulnerability.
How do I fix CVE-2013-3440?
To address CVE-2013-3440, ensure you apply the latest security patches provided by Cisco for Unified Operations Manager.
What types of attacks can CVE-2013-3440 facilitate?
CVE-2013-3440 can facilitate remote cross-site scripting (XSS) attacks, allowing attackers to inject arbitrary web scripts.
Who is affected by CVE-2013-3440?
CVE-2013-3440 affects users of Cisco Unified Operations Manager with its administrative web interface exposed.
What are the implications of a successful exploit of CVE-2013-3440?
Successful exploitation of CVE-2013-3440 allows attackers to obtain improperly secured cookies and potentially hijack user sessions.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/cisco
- canonical/cisco unified operations manager