Vulnerability Details CVE-2013-3572
Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.8%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://dl.ubnt.com/unifi/static/cve-2013-3572.html
- http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/
- http://www.securityfocus.com/bid/64601
- https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047
- http://dl.ubnt.com/unifi/static/cve-2013-3572.html
- http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/
- http://www.securityfocus.com/bid/64601
- https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047
Products affected by CVE-2013-3572
-
cpe:2.3:a:ui:unifi_controller:2.3.5