Lucene search

[email protected]CVE-2011-1716

HistoryApr 18, 2011 - 6:55 p.m.

CVE-2011-1716

2011-04-1818:55:02

CWE-79

[email protected]

web.nvd.nist.gov

cve-2011-1716

cross-site scripting

xss

vulnerabilities

xymon

web ui

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

xymonxymonbeta3

xymonxymonbeta4

xymonxymonbeta5

xymonxymonbeta6

xymonxymonrc1

xymonxymonrc2

xymonxymonrc3

xymonxymonrc4

xymonxymonrc5

xymonxymonrc6

xymonxymonRange≤4.3.0

xymonxymonMatch4.0

xymonxymonMatch4.0.1

xymonxymonMatch4.0.2

xymonxymonMatch4.0.3

xymonxymonMatch4.0.4

xymonxymonMatch4.1.0

xymonxymonMatch4.1.1

xymonxymonMatch4.1.2

xymonxymonMatch4.1.2p1

xymonxymonMatch4.1.2p2

xymonxymonMatch4.2.0

xymonxymonMatch4.2.2

xymonxymonMatch4.2.3

xymonxymonMatch4.3.0beta1

xymonxymonMatch4.3.0beta2

xymonxymonMatch4.3.0beta3

xymonxymonMatch4.3.0rc1

CPENameOperatorVersion
xymon:xymonxymoneq*
xymon:xymonxymonle4.3.0
xymon:xymonxymoneq4.0
xymon:xymonxymoneq4.0.1
xymon:xymonxymoneq4.0.2
xymon:xymonxymoneq4.0.3
xymon:xymonxymoneq4.0.4
xymon:xymonxymoneq4.1.0
xymon:xymonxymoneq4.1.1
xymon:xymonxymoneq4.1.2

CPE	Name	Operator	Version
xymon:xymon	xymon	eq	*
xymon:xymon	xymon	le	4.3.0
xymon:xymon	xymon	eq	4.0
xymon:xymon	xymon	eq	4.0.1
xymon:xymon	xymon	eq	4.0.2
xymon:xymon	xymon	eq	4.0.3
xymon:xymon	xymon	eq	4.0.4
xymon:xymon	xymon	eq	4.1.0
xymon:xymon	xymon	eq	4.1.1
xymon:xymon	xymon	eq	4.1.2