CVE-2011-1660

{"id": "CVE-2011-1660", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-04-10T02:51:19.557", "references": [{"url": "http://secunia.com/advisories/43953", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/8190", "source": "cve@mitre.org"}, {"url": "http://www.gcpowertools.com/DownloadLatestVersion", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/71488", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/517244/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/47015", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66545", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web script or HTML via (1) the reportName or (2) uniqueId parameter to CoreViewerInit.js, or the (3) uniqueId or (4) traceLevel parameter to CoreController.js, as reachable by CoreHandler.ashx."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la biblioteca de clase DataDynamics.Reports.Web de GrapeCity Data Dynamics Reports anterior a v1.6.2084.14 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los patr\u00e1metros (1) reportName o (2) uniqueId de CoreViewerInit.js, o el par\u00e1metro (3) uniqueId o (4) traceLevel de CoreController.js visible por CoreHandler.ashx"}], "lastModified": "2018-10-09T19:31:33.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27B954AE-A7FA-4025-B7E2-73CBAF4C9956", "versionEndIncluding": "1.6.1871.61"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:0.5.125.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B6237F2-2A7F-4A49-B857-B195805CEE57"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:0.5.142.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4F7C213-2B53-4E41-9649-02701D7F3A8B"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.30.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEDDB347-58CB-4C46-B9C4-4275A54A4B55"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.63.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB440D38-D4CF-4EB7-B1F4-A45516CC3FB2"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.128.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B93DCE42-2F11-4A28-A86F-EE6E17BF24D2"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.175.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AD2E0CC-806B-4CB7-9DA1-4BC434620D0D"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.195.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "202D7246-B558-459B-9B2D-2F2CE2DC22F9"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.236.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5908A34-B6A3-4464-89D1-775C20160BDC"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.261.0:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "337E00E4-1EA2-4933-8800-F3E655571BB1"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.342.0:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51E5660F-4AE0-4717-A0FC-EE82857F2F34"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.419.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07CBCB7F-4925-4531-B678-58A1F564E1F5"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.441.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCB28D8E-2A23-4441-8FB8-8FECB0C6AFCD"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.546.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33EF3EE8-8576-45D1-931E-C3D4132B5AB5"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.5.711.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D89CD41-2D48-47F9-9210-FA2503DD594F"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.5.750.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8D96745-6CF1-4B0B-85A2-7047FF8AC933"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.5.807.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "950284CE-B50A-444C-A443-14A46EB0DBE1"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.5.866.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FD23F64-5EEE-465D-8890-BC259B581288"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.5.905.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A8C78F2-669E-4580-AAF9-733539E2B180"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.5.1052.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BFF3BA5-3092-413A-8868-98E125916FC6"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.6.1818.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CBF4BE0-38DF-40D8-A805-27BE640D4833"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.6.1818.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3B681BA-BDDB-465E-8BEA-910A4F9C6C6D"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.6.1871.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4831287-5E79-4E71-9E6A-CA807A3A9D0F"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.6.1871.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B27114F-D44E-402F-8EA5-0C471178AC0C"}, {"criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.6.1871.45:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1290C956-A0E1-45C9-A2BA-F0A4E73421D9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}