Lucene search

MitreCVE-2011-2652

HistoryAug 23, 2011 - 9:55 p.m.

CVE-2011-2652

2011-08-2321:55:01

CWE-79

mitre

web.nvd.nist.gov

cve-2011-2652

cross-site scripting

xss

kiwi

suse studio

vulnerability

web script

html

archive file

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

74.2%

JSON

Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted archive file list that is used in an overlay file.

Affected configurations

Nvd

Node

marcus_schaferkiwiRange≤3.74.1

novellsuse_studio_onsiteMatch1.1

VendorProductVersionCPE
marcus_schaferkiwi*cpe:2.3:a:marcus_schafer:kiwi:*:*:*:*:*:*:*:*
novellsuse_studio_onsite1.1cpe:2.3:a:novell:suse_studio_onsite:1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
marcus_schafer	kiwi	*	cpe:2.3:a:marcus_schafer:kiwi::::::::
novell	suse_studio_onsite	1.1	cpe:2.3:a:novell:suse_studio_onsite:1.1:::::::*

References

lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html

support.novell.com/security/cve/CVE-2011-2652.html

www.securityfocus.com/bid/49236

bugzilla.novell.com/show_bug.cgi?id=702320

exchange.xforce.ibmcloud.com/vulnerabilities/69287

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

74.2%

JSON

Related for CVE-2011-2652