CVE-2011-4024 - OpenCVE

Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ocsinventory-ng	Ocs Inventory Ng

Configuration 1 [-]

OR	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng::::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:::::::*
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:beta::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc1::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc2::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3-1::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.01:::::::*
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:::::::*
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc1::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc2::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc3::::::
	cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02.1:::::::*

References

Link	Resource
http://osvdb.org/76135
http://secunia.com/advisories/46311	Vendor Advisory
http://securityreason.com/securityalert/8477
http://www.exploit-db.com/exploits/18005	Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2012:053
http://www.ocsinventory-ng.org/fr/accueil/nouvelles/version-2-0-2-stable.html	Patch
http://www.securityfocus.com/bid/50011
https://exchange.xforce.ibmcloud.com/vulnerabilities/70406

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2011-10-21T18:00:00

Updated: 2017-12-28T20:57:01

Reserved: 2011-10-06T00:00:00

Link: CVE-2011-4024

JSON object: View

NVD Information

Status : Modified

Published: 2011-10-21T18:55:01.023

Modified: 2017-12-29T02:29:04.377

Link: CVE-2011-4024

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-10-20T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-28T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ocsinventoryng-unspecified-xss(70406)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70406"}, {"name": "8477", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8477"}, {"name": "76135", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/76135"}, {"name": "50011", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/50011"}, {"name": "MDVSA-2012:053", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:053"}, {"name": "46311", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46311"}, {"name": "18005", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/18005"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ocsinventory-ng.org/fr/accueil/nouvelles/version-2-0-2-stable.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4024", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ocsinventoryng-unspecified-xss(70406)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70406"}, {"name": "8477", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8477"}, {"name": "76135", "refsource": "OSVDB", "url": "http://osvdb.org/76135"}, {"name": "50011", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50011"}, {"name": "MDVSA-2012:053", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:053"}, {"name": "46311", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46311"}, {"name": "18005", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18005"}, {"name": "http://www.ocsinventory-ng.org/fr/accueil/nouvelles/version-2-0-2-stable.html", "refsource": "CONFIRM", "url": "http://www.ocsinventory-ng.org/fr/accueil/nouvelles/version-2-0-2-stable.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4024", "datePublished": "2011-10-21T18:00:00", "dateReserved": "2011-10-06T00:00:00", "dateUpdated": "2017-12-28T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1905340-2865-45C9-862A-A612F11C2DE8", "versionEndIncluding": "2.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9C9D8DD-6505-4903-9181-26223DA65DD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "CCBDA19C-8B65-4D0D-80B6-3C1E76C5BE5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3E915093-BDDA-4A75-A0D0-819246D94249", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "5CDE845A-A67A-4DCC-BC61-FC64C6943C3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "B363C2E6-FAB1-4CED-9C0D-3797AEC814E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3-1:*:*:*:*:*:*", "matchCriteriaId": "F8B28BF3-C16C-458A-BC9B-23631D2B7623", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "1D9ACDD1-0586-47F1-9421-F4D176BF438E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:*:*:*:*:*:*:*", "matchCriteriaId": "2E49644A-ECAA-4B72-9179-464C98B0C2EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc1:*:*:*:*:*:*", "matchCriteriaId": "73D26134-3129-432B-AA9E-5062E2792F10", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc2:*:*:*:*:*:*", "matchCriteriaId": "A113F25A-CC82-428A-AA56-16BBA3D3C736", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc3:*:*:*:*:*:*", "matchCriteriaId": "C0FCAE6C-0F9F-4B8A-97B4-2EF4ED76C5FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02.1:*:*:*:*:*:*:*", "matchCriteriaId": "1B7B35C5-6165-4377-ABC8-3474905F325F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en ocsinventory in OCS Inventory NG v2.0.1 y anteriores permite a atacantes remotos inyectar script de su elecci\u00f3n o HTML a trav\u00e9s de vectores no especificados.\r\n"}], "id": "CVE-2011-4024", "lastModified": "2017-12-29T02:29:04.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-10-21T18:55:01.023", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/76135"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46311"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8477"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/18005"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:053"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.ocsinventory-ng.org/fr/accueil/nouvelles/version-2-0-2-stable.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/50011"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70406"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}