{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-09-29T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3065", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", "refsource": "MISC", "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"}, {"name": "http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php", "refsource": "MISC", "url": "http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:00:09.890Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3065", "datePublished": "2014-09-29T22:00:00", "dateReserved": "2013-04-15T00:00:00", "dateUpdated": "2024-08-06T16:00:09.890Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linksys:ea6500_firmware:1.1.28.147876:*:*:*:*:*:*:*", "matchCriteriaId": "B48B8672-1F23-434E-AC77-1EEBCFC62D6E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:linksys:ea6500:-:*:*:*:*:*:*:*", "matchCriteriaId": "6EADC8D1-E9D1-4DBA-A5B9-E58FE3770353", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section."}, {"lang": "es", "value": "Vulnerabilidad de XSS en la secci\u00f3n Parental Controls en Linksys EA6500 con firmware 1.1.28.147876 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores relacionados con la secci\u00f3n Blocked Specific Sites."}], "id": "CVE-2013-3065", "lastModified": "2014-09-30T18:25:04.943", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-09-29T22:55:08.190", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}