CVE-2013-0571
Published Apr 27, 2013
Last updated 7 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.9
- Impact score
- 2.9
- Exploitability score
- 5.5
- Vector string
- AV:A/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:application_support_facility:3.4.0:-:*:*:*:aix:*:*",
"vulnerable": true,
"matchCriteriaId": "7623E17C-E016-4C34-BFF5-835FFCF84B9A"
},
{
"criteria": "cpe:2.3:a:ibm:application_support_facility:3.4.0:-:*:*:*:linux_kernel:*:*",
"vulnerable": true,
"matchCriteriaId": "1935A724-42B2-43B2-92B9-34618235CBDE"
},
{
"criteria": "cpe:2.3:a:ibm:application_support_facility:3.4.0:-:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "65997783-AC40-4E4B-A539-DCE3C4768741"
},
{
"criteria": "cpe:2.3:a:ibm:application_support_facility:3.4.0:-:*:*:*:z\\/os:*:*",
"vulnerable": true,
"matchCriteriaId": "AB26C6CF-F463-4C1D-B108-A5BA788F03BD"
},
{
"criteria": "cpe:2.3:a:ibm:document_connect_for_application_support_facility:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1CA8AEA0-9FEC-4008-8E8F-8BC425ACFDD2",
"versionEndIncluding": "1.0.0.1204"
}
],
"operator": "OR"
}
]
}
]