CVE-2011-4038

{"id": "CVE-2011-4038", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-02-10T19:55:01.750", "references": [{"url": "http://secunia.com/advisories/47742", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/47933", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/47742", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/47933", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Invensys Wonderware HMI Reports 3.42.835.0304 y anteriores, como el usado en Ocean Data Systems Dream Report anteriores a v4.0 y otros programas, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de par\u00e1metros no especificados.\r\n"}], "lastModified": "2024-11-21T01:31:44.413", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dreamreport:dream_report:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2DD8213-B11B-48BF-A2A1-9F485F02D310", "versionEndIncluding": "3.43"}, {"criteria": "cpe:2.3:a:dreamreport:dream_report:3.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E8A91FF-176F-4823-90F3-AA998F54558B"}, {"criteria": "cpe:2.3:a:dreamreport:dream_report:3.41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CB7D92A-80CA-45C3-8A94-0FE560791D05"}, {"criteria": "cpe:2.3:a:dreamreport:dream_report:3.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E435F35-43CA-46DE-8637-17F84D43E4AF"}, {"criteria": "cpe:2.3:a:invensys:wonderware_hmi_reports:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97C412F4-B6C6-4000-8828-16A2B0AF9262", "versionEndIncluding": "3.42.835.0304"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}