4.3
CVE-2011-3684
- EPSS 0.32%
- Veröffentlicht 27.09.2011 19:55:03
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid parameter to reports-config-by-device.asp, (4) the siteid parameter to reports-config-by-monitor.asp, (5) the siteid parameter to reports-monitoring-queue.asp, (6) the action parameter to site-list.asp, the (7) siteid or (8) type parameter to event-history.asp, the (9) siteid or (10) type parameter to admin-history.asp, the (11) siteid or (12) id parameter to dashboard-view.asp, the (13) siteid or (14) dn parameter to device-events.asp, the (15) siteid or (16) submit parameter to device-finder.asp, the (17) siteid or (18) dn parameter to device-monitors.asp, the (19) siteid or (20) type parameter to device-views.asp, the (21) siteid or (22) type parameter to monitor-views.asp, the (23) siteid or (24) sel parameter to reports-list.asp, the (25) siteid, (26) action, or (27) sel parameter to monitor-list.asp, or the (28) siteid, (29) action, or (30) sel parameter to device-list.asp.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tembria ≫ Server Monitor Version <= 6.0.4
Tembria ≫ Server Monitor Version4.0.6
Tembria ≫ Server Monitor Version4.0.7
Tembria ≫ Server Monitor Version4.1.0
Tembria ≫ Server Monitor Version4.1.1
Tembria ≫ Server Monitor Version4.1.2
Tembria ≫ Server Monitor Version4.1.3
Tembria ≫ Server Monitor Version4.2
Tembria ≫ Server Monitor Version4.2.1
Tembria ≫ Server Monitor Version4.3
Tembria ≫ Server Monitor Version4.3.1
Tembria ≫ Server Monitor Version4.3.2
Tembria ≫ Server Monitor Version4.3.3
Tembria ≫ Server Monitor Version5.0 Updatebeta1
Tembria ≫ Server Monitor Version5.0 Updatebeta2
Tembria ≫ Server Monitor Version5.0 Updatebeta3
Tembria ≫ Server Monitor Version5.0.0
Tembria ≫ Server Monitor Version5.0.1
Tembria ≫ Server Monitor Version5.0.2
Tembria ≫ Server Monitor Version5.0.3
Tembria ≫ Server Monitor Version5.0.4
Tembria ≫ Server Monitor Version5.0.5
Tembria ≫ Server Monitor Version5.1.0
Tembria ≫ Server Monitor Version5.1.1
Tembria ≫ Server Monitor Version5.1.2
Tembria ≫ Server Monitor Version5.1.3
Tembria ≫ Server Monitor Version5.2.0
Tembria ≫ Server Monitor Version5.2.1
Tembria ≫ Server Monitor Version5.2.2
Tembria ≫ Server Monitor Version5.2.3
Tembria ≫ Server Monitor Version5.2.4
Tembria ≫ Server Monitor Version5.2.5
Tembria ≫ Server Monitor Version5.3.0
Tembria ≫ Server Monitor Version5.3.1
Tembria ≫ Server Monitor Version5.3.2
Tembria ≫ Server Monitor Version5.3.3
Tembria ≫ Server Monitor Version5.3.4
Tembria ≫ Server Monitor Version5.3.5
Tembria ≫ Server Monitor Version5.3.6
Tembria ≫ Server Monitor Version5.5.0
Tembria ≫ Server Monitor Version5.5.1
Tembria ≫ Server Monitor Version5.5.2
Tembria ≫ Server Monitor Version5.5.3
Tembria ≫ Server Monitor Version5.6.0
Tembria ≫ Server Monitor Version5.6.1
Tembria ≫ Server Monitor Version5.6.2
Tembria ≫ Server Monitor Version5.6.3
Tembria ≫ Server Monitor Version6.0.0
Tembria ≫ Server Monitor Version6.0.1
Tembria ≫ Server Monitor Version6.0.2
Tembria ≫ Server Monitor Version6.0.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.517 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.