CVE-2013-3572
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
31/12/2013
Last modified:
11/04/2025
Description
Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ui:unifi_controller:*:*:*:*:*:*:*:* | 2.3.6 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://dl.ubnt.com/unifi/static/cve-2013-3572.html
- http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/
- http://www.securityfocus.com/bid/64601
- https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047
- http://dl.ubnt.com/unifi/static/cve-2013-3572.html
- http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/
- http://www.securityfocus.com/bid/64601
- https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047