{ "id": "CVE-2011-1660", "sourceIdentifier": "cve@mitre.org", "published": "2011-04-10T02:51:19.557", "lastModified": "2018-10-09T19:31:33.537", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web script or HTML via (1) the reportName or (2) uniqueId parameter to CoreViewerInit.js, or the (3) uniqueId or (4) traceLevel parameter to CoreController.js, as reachable by CoreHandler.ashx." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la biblioteca de clase DataDynamics.Reports.Web de GrapeCity Data Dynamics Reports anterior a v1.6.2084.14 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los patr\u00e1metros (1) reportName o (2) uniqueId de CoreViewerInit.js, o el par\u00e1metro (3) uniqueId o (4) traceLevel de CoreController.js visible por CoreHandler.ashx" } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.6.1871.61", "matchCriteriaId": "27B954AE-A7FA-4025-B7E2-73CBAF4C9956" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:0.5.125.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "2B6237F2-2A7F-4A49-B857-B195805CEE57" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:0.5.142.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "C4F7C213-2B53-4E41-9649-02701D7F3A8B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.30.0:*:*:*:*:*:*:*", "matchCriteriaId": "EEDDB347-58CB-4C46-B9C4-4275A54A4B55" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.63.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB440D38-D4CF-4EB7-B1F4-A45516CC3FB2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.128.0:*:*:*:*:*:*:*", "matchCriteriaId": "B93DCE42-2F11-4A28-A86F-EE6E17BF24D2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.175.0:beta:*:*:*:*:*:*", "matchCriteriaId": "2AD2E0CC-806B-4CB7-9DA1-4BC434620D0D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.195.0:beta:*:*:*:*:*:*", "matchCriteriaId": "202D7246-B558-459B-9B2D-2F2CE2DC22F9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.236.0:beta:*:*:*:*:*:*", "matchCriteriaId": "C5908A34-B6A3-4464-89D1-775C20160BDC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.261.0:rc:*:*:*:*:*:*", "matchCriteriaId": "337E00E4-1EA2-4933-8800-F3E655571BB1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.342.0:rc:*:*:*:*:*:*", "matchCriteriaId": "51E5660F-4AE0-4717-A0FC-EE82857F2F34" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.419.0:*:*:*:*:*:*:*", "matchCriteriaId": "07CBCB7F-4925-4531-B678-58A1F564E1F5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.441.0:*:*:*:*:*:*:*", "matchCriteriaId": "BCB28D8E-2A23-4441-8FB8-8FECB0C6AFCD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.0.546.0:*:*:*:*:*:*:*", "matchCriteriaId": "33EF3EE8-8576-45D1-931E-C3D4132B5AB5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.5.711.0:*:*:*:*:*:*:*", "matchCriteriaId": "8D89CD41-2D48-47F9-9210-FA2503DD594F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.5.750.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8D96745-6CF1-4B0B-85A2-7047FF8AC933" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.5.807.0:*:*:*:*:*:*:*", "matchCriteriaId": "950284CE-B50A-444C-A443-14A46EB0DBE1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.5.866.0:*:*:*:*:*:*:*", "matchCriteriaId": "5FD23F64-5EEE-465D-8890-BC259B581288" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.5.905.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A8C78F2-669E-4580-AAF9-733539E2B180" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.5.1052.0:*:*:*:*:*:*:*", "matchCriteriaId": "4BFF3BA5-3092-413A-8868-98E125916FC6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.6.1818.0:*:*:*:*:*:*:*", "matchCriteriaId": "1CBF4BE0-38DF-40D8-A805-27BE640D4833" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.6.1818.8:*:*:*:*:*:*:*", "matchCriteriaId": "E3B681BA-BDDB-465E-8BEA-910A4F9C6C6D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.6.1871.8:*:*:*:*:*:*:*", "matchCriteriaId": "A4831287-5E79-4E71-9E6A-CA807A3A9D0F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.6.1871.24:*:*:*:*:*:*:*", "matchCriteriaId": "4B27114F-D44E-402F-8EA5-0C471178AC0C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:grapecity:data_dynamics_reports:1.6.1871.45:*:*:*:*:*:*:*", "matchCriteriaId": "1290C956-A0E1-45C9-A2BA-F0A4E73421D9" } ] } ] } ], "references": [ { "url": "http://securityreason.com/securityalert/8190", "source": "cve@mitre.org" }, { "url": "http://www.gcpowertools.com/DownloadLatestVersion", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "http://www.securityfocus.com/archive/1/517244/100/0/threaded", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/47015", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66545", "source": "cve@mitre.org" } ] }