CVE-2011-5029

{"id": "CVE-2011-5029", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-12-29T22:55:01.547", "references": [{"url": "http://osvdb.org/77696", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/77697", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/46893", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71821", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry parameter to delete.php or (2) category parameter to index.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Simple PHP Blog v0.7.0 y posiblemente anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro de entrada (1) a delete.php o (2) par\u00e1metro de categor\u00eda a index.php."}], "lastModified": "2017-08-29T01:30:38.973", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:alexander_palmo:simple_php_blog:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "210AC7B2-66D2-4454-8045-3264E9FAF13F", "versionEndIncluding": "0.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}