Lucene search

[email protected]CVE-2011-5070

HistoryJan 29, 2012 - 4:04 a.m.

CVE-2011-5070

2012-01-2904:04:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2011-5070

cross-site scripting

xss

support incident tracker

sit!

3.65

nvd

security

vulnerabilities

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possibly involving origref, linkref, linktype parameters, which are not properly handled in the clean_int function in lib/base.inc.php, or the redirect parameter, which is not properly handled in the html_redirect function in lib/html.inc.php; and (3) unspecified vectors in translate.php.

CPENameOperatorVersion
sitracker:support_incident_trackersitracker support incident trackereq3.65

CPE	Name	Operator	Version
sitracker:support_incident_tracker	sitracker support incident tracker	eq	3.65

References

secunia.com/advisories/45437

www.kb.cert.org/vuls/id/576355

www.osvdb.org/77654

www.osvdb.org/77655

www.osvdb.org/77656

www.securityfocus.com/bid/50896

exchange.xforce.ibmcloud.com/vulnerabilities/71652

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.7%

JSON

Related for CVE-2011-5070

cvelist1 prion1