CVE-2013-7231
Published 2013-12-30
CVE-2013-7231: Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject…
Priority: P4 · 13 · low · 3.5 (CVSS 2.0)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS: 1.08% (60.8th percentile)
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| esri | arcgis_server | — | — |
| esri | arcgis_server | — | — |
CVSS provenance
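| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| vendor_redhat | — | 2.1 | LOW | — |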
GHSA
GHSA-pm7x-4wx3-9cgx: Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10
ghsa_unreviewed·2022-05-17·CVSS 3.5
CVE-2013-7231 [LOW] CWE-79 GHSA-pm7x-4wx3-9cgx: Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222.
GHSA
OpenStack Oslo utility sensitive information exposure via log files
ghsa·2022-05-14
CVE-2014-7231 [LOW] CWE-200 OpenStack Oslo utility sensitive information exposure via log files
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.
Red Hat
Trove: potential leak of passwords into log files
vendor_redhat·2014-07-22·CVSS 2.1
CVE-2014-7231 [LOW] CWE-184 Trove: potential leak of passwords into log files
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.
Package: openstack-cinder (Red Hat OpenStack Platform 4) - Affected
Package: openstack-nova (Red Hat OpenStack Platform 4) - Affected
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009
http://support.esri.com/en/knowledgebase/techarticles/detail/41468
Published: 2013-12-30