cvelistv5 - cve-2013-3589

CVE-2013-3589 (GCVE-0-2013-3589)

Vulnerability from cvelistv5 – Published: 2013-09-24 10:00 – Updated: 2024-09-16 18:23

Summary

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

Tags

	http://www.kb.cert.org/vuls/id/BLUU-997QVW	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/920038	third-party-advisoryx_refsource_CERT-VN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:14:56.448Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
          },
          {
            "name": "VU#920038",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/920038"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-09-24T10:00:00Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
        },
        {
          "name": "VU#920038",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/920038"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2013-3589",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.kb.cert.org/vuls/id/BLUU-997QVW",
              "refsource": "CONFIRM",
              "url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
            },
            {
              "name": "VU#920038",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/920038"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2013-3589",
    "datePublished": "2013-09-24T10:00:00Z",
    "dateReserved": "2013-05-21T00:00:00Z",
    "dateUpdated": "2024-09-16T18:23:58.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:idrac6_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.95\", \"matchCriteriaId\": \"4D9D5B45-9540-438A-9865-C2BC1FABECE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:idrac6_firmware:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8165B5AB-8EC5-409A-9B82-2FE1C801E93E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:idrac6_firmware:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0432217-2FD7-49B4-8CB3-F9CD107F321B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:idrac6_firmware:1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CE3EFC4-0E43-4474-95A0-EE010E4432EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:idrac6_firmware:1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88F80B6F-D37C-4EF8-9307-548289B8D0E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:idrac6_firmware:1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37C84DCC-B988-41FC-83FF-3265FBD20436\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:idrac6_firmware:1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"282B62D0-949E-4664-AFE0-19A32AAE8583\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:idrac6_firmware:1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5272179-2DFF-4880-9FA5-4AC95A584B62\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:dell:idrac6_monolithic:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1178ECF0-A8BD-4236-83D8-5F39CD8BF6F2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.40.40\", \"matchCriteriaId\": \"93014C51-F915-4635-A479-EEE4FC3816A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:idrac7_firmware:1.00.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E072CD73-1FB4-46A5-96B4-C9440ACCD2B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:idrac7_firmware:1.06.06:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F7E3E21-56E5-4F13-AE6C-6BD2A5D57FEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:idrac7_firmware:1.10.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8E06108-77C9-4F9C-A0B1-BEDC5C23D862\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:idrac7_firmware:1.20.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3542F818-1A1F-4B75-BA24-E5699F602301\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:idrac7_firmware:1.23.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"539A6346-747E-4ACA-B048-3C7DEF6CC2AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:idrac7_firmware:1.37.35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32A7E775-FB16-4031-B85B-F0944251F4B6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:dell:idrac7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B004193-6FCE-4E0C-9B3F-D56B4605701B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad XSS en la p\\u00e1gina de login del interfaz de administraci\\u00f3n web en los dispositivos monol\\u00edticos Dell iDRAC6 con firmware anterior a v1.46.45 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\\u00e9s del par\\u00e1metro \\\"ErrorMsg\\\".\"}]",
      "id": "CVE-2013-3589",
      "lastModified": "2024-11-21T01:53:56.570",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2013-09-24T10:35:51.923",
      "references": "[{\"url\": \"http://www.kb.cert.org/vuls/id/920038\", \"source\": \"cret@cert.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/BLUU-997QVW\", \"source\": \"cret@cert.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/920038\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/BLUU-997QVW\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-3589\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2013-09-24T10:35:51.923\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad XSS en la p\u00e1gina de login del interfaz de administraci\u00f3n web en los dispositivos monol\u00edticos Dell iDRAC6 con firmware anterior a v1.46.45 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s del par\u00e1metro \\\"ErrorMsg\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:idrac6_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.95\",\"matchCriteriaId\":\"4D9D5B45-9540-438A-9865-C2BC1FABECE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:idrac6_firmware:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8165B5AB-8EC5-409A-9B82-2FE1C801E93E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:idrac6_firmware:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0432217-2FD7-49B4-8CB3-F9CD107F321B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:idrac6_firmware:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CE3EFC4-0E43-4474-95A0-EE010E4432EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:idrac6_firmware:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88F80B6F-D37C-4EF8-9307-548289B8D0E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:idrac6_firmware:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37C84DCC-B988-41FC-83FF-3265FBD20436\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:idrac6_firmware:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"282B62D0-949E-4664-AFE0-19A32AAE8583\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:idrac6_firmware:1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5272179-2DFF-4880-9FA5-4AC95A584B62\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:dell:idrac6_monolithic:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1178ECF0-A8BD-4236-83D8-5F39CD8BF6F2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.40.40\",\"matchCriteriaId\":\"93014C51-F915-4635-A479-EEE4FC3816A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:idrac7_firmware:1.00.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E072CD73-1FB4-46A5-96B4-C9440ACCD2B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:idrac7_firmware:1.06.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F7E3E21-56E5-4F13-AE6C-6BD2A5D57FEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:idrac7_firmware:1.10.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8E06108-77C9-4F9C-A0B1-BEDC5C23D862\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:idrac7_firmware:1.20.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3542F818-1A1F-4B75-BA24-E5699F602301\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:idrac7_firmware:1.23.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"539A6346-747E-4ACA-B048-3C7DEF6CC2AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:idrac7_firmware:1.37.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32A7E775-FB16-4031-B85B-F0944251F4B6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:dell:idrac7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B004193-6FCE-4E0C-9B3F-D56B4605701B\"}]}]}],\"references\":[{\"url\":\"http://www.kb.cert.org/vuls/id/920038\",\"source\":\"cret@cert.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/BLUU-997QVW\",\"source\":\"cret@cert.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/920038\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/BLUU-997QVW\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]}]}}"
  }
}

GSD-2013-3589

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-3589

Aliases

CVE-2013-3589

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-3589",
    "description": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.",
    "id": "GSD-2013-3589"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-3589"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.",
      "id": "GSD-2013-3589",
      "modified": "2023-12-13T01:22:22.955193Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2013-3589",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.kb.cert.org/vuls/id/BLUU-997QVW",
            "refsource": "CONFIRM",
            "url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
          },
          {
            "name": "VU#920038",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/920038"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:1.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.95",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:1.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:idrac6_monolithic:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:1.37.35:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:1.20.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:1.10.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:1.06.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:1.00.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.40.40",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:1.23.23:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:idrac7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2013-3589"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#920038",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/920038"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/BLUU-997QVW",
              "refsource": "CONFIRM",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2013-09-25T17:52Z",
      "publishedDate": "2013-09-24T10:35Z"
    }
  }
}

FKIE_CVE-2013-3589

Vulnerability from fkie_nvd - Published: 2013-09-24 10:35 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://www.kb.cert.org/vuls/id/920038	US Government Resource
cret@cert.org	http://www.kb.cert.org/vuls/id/BLUU-997QVW	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/920038	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/BLUU-997QVW	US Government Resource

Impacted products

Vendor	Product	Version
dell	idrac6_firmware	*
dell	idrac6_firmware	1.0
dell	idrac6_firmware	1.1
dell	idrac6_firmware	1.2
dell	idrac6_firmware	1.3
dell	idrac6_firmware	1.5
dell	idrac6_firmware	1.6
dell	idrac6_firmware	1.8
dell	idrac6_monolithic	-
dell	idrac7_firmware	*
dell	idrac7_firmware	1.00.00
dell	idrac7_firmware	1.06.06
dell	idrac7_firmware	1.10.10
dell	idrac7_firmware	1.20.20
dell	idrac7_firmware	1.23.23
dell	idrac7_firmware	1.37.35
dell	idrac7	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:idrac6_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D9D5B45-9540-438A-9865-C2BC1FABECE8",
              "versionEndIncluding": "1.95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:idrac6_firmware:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8165B5AB-8EC5-409A-9B82-2FE1C801E93E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:idrac6_firmware:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0432217-2FD7-49B4-8CB3-F9CD107F321B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:idrac6_firmware:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE3EFC4-0E43-4474-95A0-EE010E4432EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:idrac6_firmware:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "88F80B6F-D37C-4EF8-9307-548289B8D0E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:idrac6_firmware:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C84DCC-B988-41FC-83FF-3265FBD20436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:idrac6_firmware:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "282B62D0-949E-4664-AFE0-19A32AAE8583",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:idrac6_firmware:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5272179-2DFF-4880-9FA5-4AC95A584B62",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:idrac6_monolithic:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1178ECF0-A8BD-4236-83D8-5F39CD8BF6F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93014C51-F915-4635-A479-EEE4FC3816A1",
              "versionEndIncluding": "1.40.40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:idrac7_firmware:1.00.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "E072CD73-1FB4-46A5-96B4-C9440ACCD2B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:idrac7_firmware:1.06.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7E3E21-56E5-4F13-AE6C-6BD2A5D57FEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:idrac7_firmware:1.10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8E06108-77C9-4F9C-A0B1-BEDC5C23D862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:idrac7_firmware:1.20.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "3542F818-1A1F-4B75-BA24-E5699F602301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:idrac7_firmware:1.23.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "539A6346-747E-4ACA-B048-3C7DEF6CC2AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dell:idrac7_firmware:1.37.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A7E775-FB16-4031-B85B-F0944251F4B6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:idrac7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B004193-6FCE-4E0C-9B3F-D56B4605701B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en la p\u00e1gina de login del interfaz de administraci\u00f3n web en los dispositivos monol\u00edticos Dell iDRAC6 con firmware anterior a v1.46.45 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s del par\u00e1metro \"ErrorMsg\"."
    }
  ],
  "id": "CVE-2013-3589",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-09-24T10:35:51.923",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/920038"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/920038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201309-0223

Vulnerability from variot - Updated: 2023-12-18 12:38

Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter. DELL Provided by integrated Dell Remote Access Controller (iDRAC) Contains a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201309-0223",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dell",
        "version": "1.3"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dell",
        "version": "1.6"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dell",
        "version": "1.1"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dell",
        "version": "1.0"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dell",
        "version": "1.37.35"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dell",
        "version": "1.2"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dell",
        "version": "1.5"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dell",
        "version": "1.8"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "1.23.23"
      },
      {
        "model": "idrac6 monolithic",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": null
      },
      {
        "model": "idrac6",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dell",
        "version": "1.95"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "1.00.00"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "1.20.20"
      },
      {
        "model": "idrac7",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dell",
        "version": "1.40.40"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "1.06.06"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "1.10.10"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "dell computer",
        "version": null
      },
      {
        "model": "idrac6 monolithic",
        "scope": null,
        "trust": 0.8,
        "vendor": "dell",
        "version": null
      },
      {
        "model": "idrac6",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "dell",
        "version": "version  1.41"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dell",
        "version": "( all models )"
      },
      {
        "model": "idrac7",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "dell",
        "version": "version  1.40.40"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.40.40"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.95"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#920038"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004284"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-419"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:1.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.95",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:1.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:idrac6_monolithic:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:1.37.35:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:1.20.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:1.10.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:1.06.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:1.00.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.40.40",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:1.23.23:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:idrac7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-3589"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tudor Enache of Help AG Middle East",
    "sources": [
      {
        "db": "BID",
        "id": "62598"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-419"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-3589",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-3589",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT DEFINED",
            "baseScore": 8.5,
            "collateralDamagePotential": "NOT DEFINED",
            "confidentialityImpact": "PARTIAL",
            "confidentialityRequirement": "NOT DEFINED",
            "enviromentalScore": 1.9,
            "exploitability": "FUNCTIONAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-3589",
            "impactScore": 7.8,
            "integrityImpact": "COMPLETE",
            "integrityRequirement": "NOT DEFINED",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "remediationLevel": "WORKAROUND",
            "reportConfidence": "NOT DEFINED",
            "severity": "HIGH",
            "targetDistribution": "LOW",
            "trust": 0.8,
            "userInterationRequired": null,
            "vector_string": "AV:N/AC:L/Au:N/C:P/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-63591",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-3589",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-3589",
            "trust": 0.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201309-419",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-63591",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2013-3589",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#920038"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63591"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3589"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004284"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-419"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter. DELL Provided by integrated Dell Remote Access Controller (iDRAC) Contains a cross-site scripting vulnerability. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-3589"
      },
      {
        "db": "CERT/CC",
        "id": "VU#920038"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004284"
      },
      {
        "db": "BID",
        "id": "62598"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63591"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3589"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-3589",
        "trust": 3.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#920038",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "62598",
        "trust": 1.0
      },
      {
        "db": "JVN",
        "id": "JVNVU96078234",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004284",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-419",
        "trust": 0.7
      },
      {
        "db": "CERT/CC",
        "id": "HTTP://WWW.KB.CERT.ORG/VULS/ID/BLUU-997QVW",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-63591",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3589",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#920038"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63591"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3589"
      },
      {
        "db": "BID",
        "id": "62598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004284"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-419"
      }
    ]
  },
  "id": "VAR-201309-0223",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63591"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:38:27.585000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Systems Management - iDRAC6 Home",
        "trust": 0.8,
        "url": "http://en.community.dell.com/techcenter/systems-management/w/wiki/4357.idrac6-home.aspx"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2013-3589"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004284"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 2.7
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#920038"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63591"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004284"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3589"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.kb.cert.org/vuls/id/920038"
      },
      {
        "trust": 2.6,
        "url": "http://www.kb.cert.org/vuls/id/bluu-997qvw"
      },
      {
        "trust": 0.9,
        "url": "http://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.8,
        "url": "http://en.community.dell.com/techcenter/systems-management/w/wiki/4357.idrac6-home.aspx"
      },
      {
        "trust": 0.8,
        "url": "http://www.dell.com/learn/us/en/555/solutions/integrated-dell-remote-access-controller-idrac"
      },
      {
        "trust": 0.8,
        "url": "http://support.dell.com/"
      },
      {
        "trust": 0.8,
        "url": "http://dell.com/support/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3589"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu96078234/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3589"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/62598"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=30950"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#920038"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63591"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3589"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004284"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-419"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#920038"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63591"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-3589"
      },
      {
        "db": "BID",
        "id": "62598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004284"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3589"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-419"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-09-23T00:00:00",
        "db": "CERT/CC",
        "id": "VU#920038"
      },
      {
        "date": "2013-09-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-63591"
      },
      {
        "date": "2013-09-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-3589"
      },
      {
        "date": "2013-09-23T00:00:00",
        "db": "BID",
        "id": "62598"
      },
      {
        "date": "2013-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004284"
      },
      {
        "date": "2013-09-24T10:35:51.923000",
        "db": "NVD",
        "id": "CVE-2013-3589"
      },
      {
        "date": "2013-09-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201309-419"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-09-24T00:00:00",
        "db": "CERT/CC",
        "id": "VU#920038"
      },
      {
        "date": "2013-09-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-63591"
      },
      {
        "date": "2013-09-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-3589"
      },
      {
        "date": "2013-09-23T00:00:00",
        "db": "BID",
        "id": "62598"
      },
      {
        "date": "2013-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004284"
      },
      {
        "date": "2013-09-25T17:52:39.210000",
        "db": "NVD",
        "id": "CVE-2013-3589"
      },
      {
        "date": "2013-09-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201309-419"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-419"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell iDRAC 6 and iDRAC 7 are vulnerable to a cross-site scripting (XSS) attack",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#920038"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-419"
      }
    ],
    "trust": 0.6
  }
}

GHSA-28CC-22JJ-C7J2

Vulnerability from github – Published: 2022-05-17 05:04 – Updated: 2022-05-17 05:04

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-3589"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-09-24T10:35:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.",
  "id": "GHSA-28cc-22jj-c7j2",
  "modified": "2022-05-17T05:04:21Z",
  "published": "2022-05-17T05:04:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3589"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/920038"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-3589 (GCVE-0-2013-3589)

GSD-2013-3589

FKIE_CVE-2013-3589

VAR-201309-0223

GHSA-28CC-22JJ-C7J2

Tags

Sightings

Nomenclature