Lucene search

[email protected]NVD:CVE-2011-1689

HistoryApr 22, 2011 - 10:55 a.m.

CVE-2011-1689

2011-04-2210:55:02

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

bestpracticalrtMatch2.0.0

bestpracticalrtMatch2.0.1

bestpracticalrtMatch2.0.2

bestpracticalrtMatch2.0.3

bestpracticalrtMatch2.0.4

bestpracticalrtMatch2.0.5

bestpracticalrtMatch2.0.5.1

bestpracticalrtMatch2.0.5.3

bestpracticalrtMatch2.0.6

bestpracticalrtMatch2.0.7

bestpracticalrtMatch2.0.8

bestpracticalrtMatch2.0.8.2

bestpracticalrtMatch2.0.9

bestpracticalrtMatch2.0.11

bestpracticalrtMatch2.0.12

bestpracticalrtMatch2.0.13

bestpracticalrtMatch2.0.14

bestpracticalrtMatch2.0.15

bestpracticalrtMatch3.0.0

bestpracticalrtMatch3.0.1

bestpracticalrtMatch3.0.2

bestpracticalrtMatch3.0.3

bestpracticalrtMatch3.0.4

bestpracticalrtMatch3.0.5

bestpracticalrtMatch3.0.6

bestpracticalrtMatch3.0.7

bestpracticalrtMatch3.0.7.1

bestpracticalrtMatch3.0.8

bestpracticalrtMatch3.0.9

bestpracticalrtMatch3.0.10

bestpracticalrtMatch3.0.11

bestpracticalrtMatch3.0.12

bestpracticalrtMatch3.2.0

bestpracticalrtMatch3.2.1

bestpracticalrtMatch3.2.2

bestpracticalrtMatch3.2.3

bestpracticalrtMatch3.4.0

bestpracticalrtMatch3.4.1

bestpracticalrtMatch3.4.2

bestpracticalrtMatch3.4.3

bestpracticalrtMatch3.4.4

bestpracticalrtMatch3.4.5

bestpracticalrtMatch3.4.6

bestpracticalrtMatch3.6.0

bestpracticalrtMatch3.6.1

bestpracticalrtMatch3.6.2

bestpracticalrtMatch3.6.3

bestpracticalrtMatch3.6.4

bestpracticalrtMatch3.6.5

bestpracticalrtMatch3.6.6

bestpracticalrtMatch3.6.7

bestpracticalrtMatch3.6.8

bestpracticalrtMatch3.6.9

bestpracticalrtMatch3.6.10

Node

bestpracticalrtMatch3.8.0

bestpracticalrtMatch3.8.1

bestpracticalrtMatch3.8.2

bestpracticalrtMatch3.8.3

bestpracticalrtMatch3.8.4

bestpracticalrtMatch3.8.5

bestpracticalrtMatch3.8.6

bestpracticalrtMatch3.8.6rc1

bestpracticalrtMatch3.8.7

bestpracticalrtMatch3.8.7rc1

bestpracticalrtMatch3.8.8

bestpracticalrtMatch3.8.8rc2

bestpracticalrtMatch3.8.8rc3

bestpracticalrtMatch3.8.8rc4

bestpracticalrtMatch3.8.9

bestpracticalrtMatch3.8.9rc1

bestpracticalrtMatch3.8.9rc2

bestpracticalrtMatch3.8.9rc3

Node

bestpracticalrtMatch4.0.0rc1

bestpracticalrtMatch4.0.0rc2

bestpracticalrtMatch4.0.0rc3

bestpracticalrtMatch4.0.0rc4

bestpracticalrtMatch4.0.0rc5

bestpracticalrtMatch4.0.0rc6

bestpracticalrtMatch4.0.0rc7

References

blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html

lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html

lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html

lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html

secunia.com/advisories/44189

www.debian.org/security/2011/dsa-2220

www.securityfocus.com/bid/47383

www.vupen.com/english/advisories/2011/1071

bugzilla.redhat.com/show_bug.cgi?id=696795

exchange.xforce.ibmcloud.com/vulnerabilities/66796

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

JSON

Related for NVD:CVE-2011-1689

cvelist1 ubuntucve1 prion1 cve1 openvas5 altlinux1 freebsd1 osv1 debian2 securityvulns2 nessus2