CVE-2011-1976

{"id": "CVE-2011-1976", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-08-10T21:55:01.953", "references": [{"url": "http://marc.info/?l=bugtraq&m=145326307707460&w=2", "tags": ["Third Party Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/49033", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067", "source": "secure@microsoft.com"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270", "tags": ["Third Party Advisory"], "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka \"Report Viewer Controls XSS Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el control \"Report Viewer\" de Microsoft Visual Studio 2005 SP1 y Report Viewer 2005 SP1 permite a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro en una fuente de datos. Tambi\u00e9n conocido como \"Vulnerabilidad XSS en el control Report Viewer\"."}], "lastModified": "2018-10-12T22:01:14.567", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "033138E1-82C7-443C-89C1-23D8032674CF"}, {"criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}