Lucene search

[email protected]NVD:CVE-2011-4947

HistoryAug 31, 2012 - 10:55 p.m.

CVE-2011-4947

2012-08-3122:55:01

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.

Affected configurations

NVD

Node

e107e107Range≤0.7.24

e107e107Match0.7

e107e107Match0.7.0

e107e107Match0.7.1

e107e107Match0.7.2

e107e107Match0.7.3

e107e107Match0.7.4

e107e107Match0.7.5

e107e107Match0.7.6

e107e107Match0.7.7

e107e107Match0.7.8

e107e107Match0.7.9

e107e107Match0.7.10

e107e107Match0.7.11

e107e107Match0.7.12

e107e107Match0.7.13

e107e107Match0.7.14

e107e107Match0.7.15

e107e107Match0.7.16

e107e107Match0.7.17

e107e107Match0.7.18

e107e107Match0.7.19

e107e107Match0.7.20

e107e107Match0.7.21

e107e107Match0.7.22

References

e107.org/svn_changelog.php?version=0.7.26

e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225&r2=12306

www.openwall.com/lists/oss-security/2012/03/28/4

www.openwall.com/lists/oss-security/2012/03/29/3

exchange.xforce.ibmcloud.com/vulnerabilities/68062

www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Related for NVD:CVE-2011-4947

cve1 cvelist1 prion1