CVE-2011-3317

{"id": "CVE-2011-3317", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-05-02T10:09:21.550", "references": [{"url": "http://secunia.com/advisories/49101", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt", "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/53436", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Solution Engine en Cisco Secure Access Control Server (ACS) v5.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCtr78192."}], "lastModified": "2012-06-09T03:36:31.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:secure_access_control_server:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19DD8E24-802E-4D20-A054-7B76FB7A83B8"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}