Lucene search

[email protected]CVE-2011-5178

HistorySep 20, 2012 - 10:55 a.m.

CVE-2011-5178

2012-09-2010:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2011-5178

xss

vulnerabilities

netmri

infoblox

security

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

83.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter.

CPENameOperatorVersion
infoblox:netmriinfoblox netmrieq6.1.2
infoblox:netmriinfoblox netmrieq6.0.2.42
infoblox:netmriinfoblox netmrile6.2.1
infoblox:netmriinfoblox netmrieq6.2.1.48

CPE	Name	Operator	Version
infoblox:netmri	infoblox netmri	eq	6.1.2
infoblox:netmri	infoblox netmri	eq	6.0.2.42
infoblox:netmri	infoblox netmri	le	6.2.1
infoblox:netmri	infoblox netmri	eq	6.2.1.48

References

foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss

seclists.org/fulldisclosure/2011/Nov/158

secunia.com/advisories/46854

www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg

www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg

www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg

www.securitytracker.com/id?1026319

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

83.1%

JSON

Related for CVE-2011-5178

cvelist1 prion1