CVE-2011-5221

{"id": "CVE-2011-5221", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-10-25T17:55:04.547", "references": [{"url": "http://osvdb.org/77941", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/77942", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/77943", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/47288", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://st2tea.blogspot.com/2011/12/websvn-cross-site-scripting.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://websvn.tigris.org/issues/show_bug.cgi?id=275", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/51109", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1026438", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71888", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n getLog en svnlook.php en WebSVN anteriores a v2.3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro path sobre (1) comp.php, (2) diff.php, o (3) revision.php."}], "lastModified": "2017-08-29T01:30:45.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:websvn:websvn:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "027433C8-EAD7-4AF4-B7B1-0C866122B383", "versionEndIncluding": "2.3.0"}, {"criteria": "cpe:2.3:a:websvn:websvn:1.61:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D194CBDC-E4D4-47DE-9562-5B0FCE65E017"}, {"criteria": "cpe:2.3:a:websvn:websvn:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE678446-BD20-4E5A-8C94-0C6E81B37184"}, {"criteria": "cpe:2.3:a:websvn:websvn:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F59B7EFC-0409-4255-823F-A33FAFC2EDA9"}, {"criteria": "cpe:2.3:a:websvn:websvn:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9620BAB-DDEE-48E2-ADF7-A6A1C7B01590"}, {"criteria": "cpe:2.3:a:websvn:websvn:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "842AEBF8-1A25-4D94-A583-4C391A548304"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}