CVE-2013-0009
published 2013-01-09CVE-2013-0009: Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script…
PriorityP425medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
13.64%
96.0th percentile
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | system_center_operations_manager | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat4.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-93pf-5w83-v5p3: Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web
ghsa_unreviewed·2022-05-05·CVSS 4.3
CVE-2013-0010 [MEDIUM] CWE-79 GHSA-93pf-5w83-v5p3: Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
GHSA
GHSA-q5jv-7j7q-rggq: Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web
ghsa_unreviewed·2022-05-05·CVSS 4.3
CVE-2013-0009 [MEDIUM] CWE-79 GHSA-q5jv-7j7q-rggq: Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
Red Hat
samba: no access check verification on stream files
vendor_redhat·2013-10-25·CVSS 4.0
CVE-2013-4475 [MEDIUM] samba: no access check verification on stream files
samba: no access check verification on stream files
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).
Statement: This issue did not affect the samba package in Red Hat Enterprise Linux 5. This issue was addressed for the samba3x package in Red Hat Enterprise Linux 5 and the samba package in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2013-1806.html, and the samba package in Red Hat Storage via https://rhn.redhat.com/errata/RHSA-2014-0009.html
Package: samba (Red Hat Enterprise Linux 5) - Not affected
Package: samba (Red Hat
No detection rules found.
No public exploits indexed.
http://www.us-cert.gov/cas/techalerts/TA13-008A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-003https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15760http://www.us-cert.gov/cas/techalerts/TA13-008A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-003https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15760
2013-01-09
Published