CVE-2011-1671

{"id": "CVE-2011-1671", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-04-10T02:51:20.307", "references": [{"url": "http://osvdb.org/71352", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/43909", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/8196", "source": "cve@mitre.org"}, {"url": "http://www.getontracks.org/downloads/comments/tracks-173", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Tracks/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/517223/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/47078", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66561", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in app/controllers/todos_controller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en app/controllers/todos_controller.rb en Tracks v1.7.2, v2.0RC2, y v2.0devel, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de PATH_INFO para todos/tag/. NOTA: algunos de estos detalles se han obtenido de terceros"}], "lastModified": "2018-10-09T19:31:36.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:getontracks:tracks:1.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CEFE3B6-7201-4F00-8192-19926B3602F4"}, {"criteria": "cpe:2.3:a:getontracks:tracks:2.0:devel:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45CB50B4-0E32-4310-8B03-7840A7E1B61E"}, {"criteria": "cpe:2.3:a:getontracks:tracks:2.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4E7D479-E89B-4DE8-8B01-76567031CC7E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}