CVE-2011-1899

Published May 16, 2011

Last updated a year ago

CVSS info 4.3

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ca:ehealth:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D2B512E-1CBA-46C3-A6D6-A5EB8B34AEA5"
          },
          {
            "criteria": "cpe:2.3:a:ca:ehealth:6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "745B30F3-CA79-4ECD-BCFC-4EC323F636FC"
          },
          {
            "criteria": "cpe:2.3:a:ca:ehealth:6.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A02F595-DD7D-4F53-B37F-222E33F923E7"
          },
          {
            "criteria": "cpe:2.3:a:ca:ehealth:6.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5D48E2B-E01A-4C3E-B944-A990C68DE094"
          },
          {
            "criteria": "cpe:2.3:a:ca:ehealth:6.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E57183EF-AD0A-4B75-BC41-67964E882FDF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References