CVE-2011-1660 in Data Dynamics Reportsinformazioni

Riassunto

di MITRE

Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web script or HTML via (1) the reportName or (2) uniqueId parameter to CoreViewerInit.js, or the (3) uniqueId or (4) traceLevel parameter to CoreController.js, as reachable by CoreHandler.ashx.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

09/04/2011

Divulgazione

09/04/2011

Moderazione

accettato

Voce

VDB-57034

CPE

pronto

CWE

CWE-79 (confermato)

Sfruttamento

Scaricare

CVSS

4.3 (VulDB)

EPSS

0.01327

KEV

Attività

molto basso

Settore

Hospital, Education, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-1660
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1660
CVE Details	https://www.cvedetails.com/cve/CVE-2011-1660/

◂ Precedente Visione D'ensemble Il prossimo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!