CVE-2011-5269

Published Jan 2, 2014

Last updated 11 years ago

CVSS info 3.5

Overview

Description: Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:projectforge:projectforge:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A34F59B-BC21-44E6-BEE7-E0EDDF6C6008",
            "versionEndIncluding": "3.5.2"
          },
          {
            "criteria": "cpe:2.3:a:projectforge:projectforge:3.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF70AE09-E98C-4512-83A4-FA669EDC80F2"
          },
          {
            "criteria": "cpe:2.3:a:projectforge:projectforge:3.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1805B82F-096C-445A-8FD3-F8292B9A1B2D"
          },
          {
            "criteria": "cpe:2.3:a:projectforge:projectforge:3.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "993388E3-2D75-4D87-BDC3-55C727F5B4DA"
          },
          {
            "criteria": "cpe:2.3:a:projectforge:projectforge:3.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBCCD573-E381-409F-9649-B51E72B2B6CC"
          },
          {
            "criteria": "cpe:2.3:a:projectforge:projectforge:3.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "090934F8-03F9-4E13-A378-32B49740703D"
          },
          {
            "criteria": "cpe:2.3:a:projectforge:projectforge:3.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07C89089-5C56-40EE-8319-E9852EBC9C56"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References