Lucene search

[email protected]CVE-2011-5221

HistoryOct 25, 2012 - 5:55 p.m.

CVE-2011-5221

2012-10-2517:55:04

CWE-79

[email protected]

web.nvd.nist.gov

cve-2011-5221

cross-site scripting

xss

websvn

vulnerability

injection

remote attack

html

script

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.6%

JSON

Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php.

Affected configurations

NVD

Node

websvnwebsvnRange≤2.3.0

websvnwebsvnMatch1.61

websvnwebsvnMatch2.0

websvnwebsvnMatch2.1.0

websvnwebsvnMatch2.2.0

websvnwebsvnMatch2.2.1

CPENameOperatorVersion
websvn:websvnwebsvnle2.3.0
websvn:websvnwebsvneq1.61
websvn:websvnwebsvneq2.0
websvn:websvnwebsvneq2.1.0
websvn:websvnwebsvneq2.2.0
websvn:websvnwebsvneq2.2.1

CPE	Name	Operator	Version
websvn:websvn	websvn	le	2.3.0
websvn:websvn	websvn	eq	1.61
websvn:websvn	websvn	eq	2.0
websvn:websvn	websvn	eq	2.1.0
websvn:websvn	websvn	eq	2.2.0
websvn:websvn	websvn	eq	2.2.1

References

osvdb.org/77941

osvdb.org/77942

osvdb.org/77943

secunia.com/advisories/47288

st2tea.blogspot.com/2011/12/websvn-cross-site-scripting.html

websvn.tigris.org/issues/show_bug.cgi?id=275

www.securityfocus.com/bid/51109

www.securitytracker.com/id?1026438

exchange.xforce.ibmcloud.com/vulnerabilities/71888

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.6%

JSON

Related for CVE-2011-5221

openvas2 ubuntucve1 nvd1 prion1 cvelist1