CVE-2011-3254

Published Oct 14, 2011

Last updated 13 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.
Source: product-security@apple.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1878949F-8E15-4751-8D8A-BFB2B9B9254A"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A54A8681-2D8A-4B0B-A947-82F3CE1FB03C"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0070D83-2E27-4DA8-8D10-A6A697216F36"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C9ACA63-4528-4090-B1EA-1FE57A6B0555"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:4.2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D78F7B3E-397F-480D-8B07-A9B0C4A789E4"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7252935C-E421-4339-B61F-0299E28888DA"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DD342BF-096A-4082-B700-19629F2BDE87"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93141AB6-26F2-4C6D-95B3-D383EABB4034"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D5C61FF-7CD3-410A-94F2-5DE701466B1F"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:4.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF21ABCB-7CAC-467F-A6B6-06AC2E5CB5EE"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28A01C87-B02A-4239-8340-B396D0E6B21C"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipad:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "396634C5-774C-4131-B927-3CAD239EF0B3"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipodtouch:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64FF0F29-B3C2-4BDC-89FF-DBEDE87D64A4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References