HTTP: Cisco Subscriber Edge Services Manager Cross-Site Scripting

This signature detects attempts to exploit a cross-site scripting vulnerability in Cisco Subscriber Edge Services Manager. An attacker can leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.

Extended Description

Cisco Subscriber Edge Services Manager is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. We don't know which versions of Subscriber Edge Services Manager are affected. We will update this BID as more information emerges.

Affected Products

Cisco subscriber_edge_services_manager_(sesm)

References

BugTraq: 34454

CVE: CVE-2009-1287

Short Name
HTTP:XSS:CISCO-SESM
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-1287 Cisco Cross-Site Edge Manager Scripting Services Subscriber bid:34454
Release Date
06/11/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Cisco

CVSS Score

4.3
