CVE-2011-4918

{"id": "CVE-2011-4918", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-08-29T04:39:38.863", "references": [{"url": "http://forum.elxis.org/index.php?PHPSESSID=v9i7kgmmb2554ldmlcmbj32ugjd0ngpc&topic=5144.msg43327#msg43327", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/47073", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2011/12/31/2", "source": "secalert@redhat.com"}, {"url": "http://www.osvdb.org/77563", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://www.osvdb.org/77564", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/520748/100/0/threaded", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/50910", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71648", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009.2, 2009.3 and 2009.3 Aphrodite before revision 2684 allow remote attackers to inject arbitrary web script or HTML via the (1) task parameter to elxis/index.php, and (2) PATH_INFO to elxis/administrator/index.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Elxis CMS v2009.2, v2009.3 y v2009.3 Aphrodite anterior a la revisi\u00f3n 2684 permite a atacantes remotos inyectar c\u00f3digo web y HTML de su elecci\u00f3n a trav\u00e9s de (1) el par\u00e1metro task a elxis/index.php, y (2) PATH_INFO a elxis/administrator/index.php."}], "lastModified": "2018-10-09T19:33:37.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elxis:elxis_cms:2009.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8817648-C370-4F6E-963B-8B18F22CFCD9"}, {"criteria": "cpe:2.3:a:elxis:elxis_cms:2009.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F130FED3-562C-4351-B017-AB5226DFC74D"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}