Lucene search

[email protected]CVE-2011-4805

HistoryDec 14, 2011 - 12:55 a.m.

CVE-2011-4805

2011-12-1400:55:06

CWE-79

[email protected]

web.nvd.nist.gov

sap

crystal report

xss

vulnerability

pubdblogon.jsp

cve-2011-4805

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter.

Affected configurations

NVD

Node

sapcrystal_reports_serverMatch2008

CPENameOperatorVersion
sap:crystal_reports_serversap crystal reports servereq2008

CPE	Name	Operator	Version
sap:crystal_reports_server	sap crystal reports server	eq	2008

References

dsecrg.com/pages/vul/show.php?id=333

www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a

www.securityfocus.com/archive/1/520560/100/0/threaded

service.sap.com/sap/support/notes/1562292

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

Related for CVE-2011-4805

nvd1 prion1 cvelist1