Lucene search

JpcertCVE-2011-3985

HistoryNov 09, 2011 - 11:55 p.m.

CVE-2011-3985

2011-11-0923:55:01

CWE-79

jpcert

web.nvd.nist.gov

cve

2011

3985

cross-site scripting

xss

plume

1.2.3

nvd

vulnerability

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

49.0%

JSON

Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

plume-cmsplume_cmsRange≤1.2.2

plume-cmsplume_cmsMatch1.0.2

plume-cmsplume_cmsMatch1.0.3

plume-cmsplume_cmsMatch1.0.4

plume-cmsplume_cmsMatch1.0.5

plume-cmsplume_cmsMatch1.0.6

plume-cmsplume_cmsMatch1.1.3

plume-cmsplume_cmsMatch1.2

plume-cmsplume_cmsMatch1.2.1

VendorProductVersionCPE
plume-cmsplume_cms*cpe:2.3:a:plume-cms:plume_cms:*:*:*:*:*:*:*:*
plume-cmsplume_cms1.0.2cpe:2.3:a:plume-cms:plume_cms:1.0.2:*:*:*:*:*:*:*
plume-cmsplume_cms1.0.3cpe:2.3:a:plume-cms:plume_cms:1.0.3:*:*:*:*:*:*:*
plume-cmsplume_cms1.0.4cpe:2.3:a:plume-cms:plume_cms:1.0.4:*:*:*:*:*:*:*
plume-cmsplume_cms1.0.5cpe:2.3:a:plume-cms:plume_cms:1.0.5:*:*:*:*:*:*:*
plume-cmsplume_cms1.0.6cpe:2.3:a:plume-cms:plume_cms:1.0.6:*:*:*:*:*:*:*
plume-cmsplume_cms1.1.3cpe:2.3:a:plume-cms:plume_cms:1.1.3:*:*:*:*:*:*:*
plume-cmsplume_cms1.2cpe:2.3:a:plume-cms:plume_cms:1.2:*:*:*:*:*:*:*
plume-cmsplume_cms1.2.1cpe:2.3:a:plume-cms:plume_cms:1.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
plume-cms	plume_cms	*	cpe:2.3:a:plume-cms:plume_cms::::::::
plume-cms	plume_cms	1.0.2	cpe:2.3:a:plume-cms:plume_cms:1.0.2:::::::*
plume-cms	plume_cms	1.0.3	cpe:2.3:a:plume-cms:plume_cms:1.0.3:::::::*
plume-cms	plume_cms	1.0.4	cpe:2.3:a:plume-cms:plume_cms:1.0.4:::::::*
plume-cms	plume_cms	1.0.5	cpe:2.3:a:plume-cms:plume_cms:1.0.5:::::::*
plume-cms	plume_cms	1.0.6	cpe:2.3:a:plume-cms:plume_cms:1.0.6:::::::*
plume-cms	plume_cms	1.1.3	cpe:2.3:a:plume-cms:plume_cms:1.1.3:::::::*
plume-cms	plume_cms	1.2	cpe:2.3:a:plume-cms:plume_cms:1.2:::::::*
plume-cms	plume_cms	1.2.1	cpe:2.3:a:plume-cms:plume_cms:1.2.1:::::::*

References

jvn.jp/en/jp/JVN08307791/index.html

jvndb.jvn.jp/jvndb/JVNDB-2011-000083

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

49.0%

JSON

Related for CVE-2011-3985