CVE-2013-1247

{"id": "CVE-2013-1247", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-05-31T21:55:01.127", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1247", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not properly handled during display of the XML windowing table, aka Bug ID CSCuf04356."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en el m\u00f3dulo de configuraci\u00f3n de la red inal\u00e1mbrica en Cisco Prime Infraestructure permite a atacantes remotos a inyectar secuencias de comandos web o HTML a trav\u00e9s de una SSID que no es gestionada de forma correcta mientras se muestra la tabla de XML, tambi\u00e9n conocido como Bug ID CSCuf04356."}], "lastModified": "2013-06-03T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_infrastructure:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE4434FA-2808-4356-BDB7-A22E9D9A4567"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}