CVE-2013-0010

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

4.3MEDIUM

EPSS

24.9%

top 3.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft System Center Operations Manager

Timeline

PublishedJan 9

Latest updateMay 5

Description

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/system_center_operations_manager2007

🔴Vulnerability Details

GHSA

GHSA-93pf-5w83-v5p3: Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web↗2022-05-05

▶

CVEList

CVE-2013-0010: Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web↗2013-01-09

▶

💥Exploits & PoCs

Exploit-DB

Sendio ESP - Information Disclosure↗2015-05-26

▶