4.3

CVE-2011-1976

Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftReport Viewer Version2005 Updatesp1
MicrosoftReport Viewer Version2005 Updatesp1 Editionredistributable_package
MicrosoftVisual Studio Version2005 Updatesp1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 20.81% 0.972
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.us-cert.gov/cas/techalerts/TA11-221A.html
Third Party Advisory
US Government Resource
http://marc.info/?l=bugtraq&m=145326307707460&w=2
Third Party Advisory
http://www.securityfocus.com/bid/49033
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773