CVE-2013-1823
CVE
Medium

CVSS: 4.3 (Medium)
EPSS: 0.02 (p76)
Published: 2013-01-01
Updated: 2013-01-01
Description

Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.

Tags · CWE
XSS, CWE-79, CAPEC-63, CAPEC-85, CAPEC-209, CAPEC-588, CAPEC-591, CAPEC-592
Affected products
Subscription_asset_manager ≤ 1.2.0
Subscription_asset_manager
CVSS vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Timeline
2013-01-01: Published
2013-01-01: Updated
CVSS 3.1 breakdown
Attack Vector (AV: N): Network (N)
Attack Complexity (AC: M): Medium
Authentication (Au: N): None (N)
Confidentiality Impact (C: N): None (N)
Integrity Impact (I: P): Partial
Availability Impact (A: N): None (N)
Exploit indicators
EPSS: 0.019 · p76
Known exploited (KEV): No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Product | Vendor | Status
candlepin | | Tracked
katello | | Tracked
katello-configure | | Tracked
rubygem-actionpack | | Tracked
rubygem-activemodel | | Tracked
rubygem-delayed_job | | Tracked
rubygem-json | | Tracked
rubygem-nokogiri | | Tracked
rubygem-rack | | Tracked
rubygem-rails_warden | | Tracked
rubygem-rdoc | | Tracked
thumbslug | | Tracked
subscription_asset_manager* | | Tracked
Source databases
CVE
RED