CVE-2011-1953

Published Jun 6, 2011

Last updated 6 years ago

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, an (8) OL, a (9) VIDEO, or a (10) BLOCKQUOTE element.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C67C01B-F7E8-44E0-9739-3C4200C7B23B",
            "versionEndIncluding": "0.8.0c"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.6.2:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9A721BF-DFD7-4F66-A5DF-53C69647E75A"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.6.3:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A460C783-0922-48CD-831D-43BC5FA177B8"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B6C9114-F48B-42B5-886C-ACD57C4DAD55"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B185A73E-AD6A-42CE-816F-0EC280BC6DF4"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "412E1018-BF17-42A0-9027-46DD8CEF5383"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.7.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EC294CE-0BE0-4EE2-891C-52A98B8C241A"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.7.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F76CA836-C63A-4DCC-A265-0A7A9A82C2B7"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.7.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EDE637C-7D0F-4037-9E45-77886316CEED"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.7.0:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D5BD6F4-DC7E-47AE-8E24-155C4E2F6B10"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.8.0:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "966BA6A4-5E70-4AB5-9F26-D56D4EADDA49"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.8.0b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF533C04-2042-459A-B0B2-6D5E6E0195B8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References