Lucene search

MitreCVE-2011-5041

HistoryDec 30, 2011 - 7:55 p.m.

CVE-2011-5041

2011-12-3019:55:00

CWE-79

mitre

web.nvd.nist.gov

cve

2011

5041

cross-site scripting

xss

vulnerabilities

pulse pro cms 1.7.2

remote attackers

web script

html

index.php

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

58.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter in a blocks action and (2) post_id parameter in an edit-post action to index.php.

Affected configurations

Nvd

Node

pulsecmspulse_cmsMatch1.7.2-pro

VendorProductVersionCPE
pulsecmspulse_cms1.7.2cpe:2.3:a:pulsecms:pulse_cms:1.7.2:-:pro:*:*:*:*:*

Vendor	Product	Version	CPE
pulsecms	pulse_cms	1.7.2	cpe:2.3:a:pulsecms:pulse_cms:1.7.2:-:pro:::::*

References

osvdb.org/77693

packetstormsecurity.org/files/view/107830/pulsepro172-xss.txt

secunia.com/advisories/47225

exchange.xforce.ibmcloud.com/vulnerabilities/71798

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

58.3%

JSON

Related for CVE-2011-5041