Lucene search

[email protected]NVD:CVE-2011-5256

HistoryFeb 12, 2013 - 8:55 p.m.

CVE-2011-5256

2013-02-1220:55:01

CWE-79

[email protected]

web.nvd.nist.gov

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.0%

JSON

Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.

Affected configurations

NVD

Node

limesurveylimesurveyRange≤1.91\+

limesurveylimesurveyMatch1.01

limesurveylimesurveyMatch1.50

limesurveylimesurveyMatch1.52

limesurveylimesurveyMatch1.53\+

limesurveylimesurveyMatch1.70\+

limesurveylimesurveyMatch1.71\+

limesurveylimesurveyMatch1.72

limesurveylimesurveyMatch1.80\+

limesurveylimesurveyMatch1.81\+

limesurveylimesurveyMatch1.82\+

limesurveylimesurveyMatch1.85

limesurveylimesurveyMatch1.86

limesurveylimesurveyMatch1.87\+

limesurveylimesurveyMatch1.90\+

References

limesurvey.svn.sourceforge.net/viewvc/limesurvey/source/limesurvey/docs/release_notes.txt?view=markup

secunia.com/advisories/46831

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.0%

JSON

Related for NVD:CVE-2011-5256

prion1 cvelist1 cve1