CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-1070

Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.8%

CVSS Severity

CVSS v2 Score 4.3

References

http://www.securityfocus.com/bid/65575
http://www.ubuntu.com/usn/USN-2105-1
https://bugs.launchpad.net/maas/%2Bbug/1251336
http://www.securityfocus.com/bid/65575
http://www.ubuntu.com/usn/USN-2105-1
https://bugs.launchpad.net/maas/%2Bbug/1251336

Products affected by CVE-2013-1070

Ubuntu » Metal As A Service » Version: 1.2

cpe:2.3:a:ubuntu:metal_as_a_service:1.2
Ubuntu » Metal As A Service » Version: 1.4

cpe:2.3:a:ubuntu:metal_as_a_service:1.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-1070

Products

Pricing

Contact Us