CVE-2011-1976

EPSS 66.11%
Veröffentlicht 10.08.2011 21:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Report Viewer Version2005 Updatesp1

Microsoft ≫ Report Viewer Version2005 Updatesp1 Editionredistributable_package

Microsoft ≫ Visual Studio Version2005 Updatesp1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	66.11%	0.984

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.us-cert.gov/cas/techalerts/TA11-221A.html

Third Party Advisory

US Government Resource

http://marc.info/?l=bugtraq&m=145326307707460&w=2

Third Party Advisory

http://www.securityfocus.com/bid/49033

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773

https://nvd.nist.gov/vuln/detail/CVE-2011-1976

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1976

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1976

EUVD