Vulnerability Name: | CVE-2011-1264 (CCN-67750) | ||||||||
Assigned: | 2011-06-14 | ||||||||
Published: | 2011-06-14 | ||||||||
Updated: | 2020-09-28 | ||||||||
Summary: | Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability." | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-79 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2011-1264 Source: CCN Type: SA44915 Microsoft Windows Active Directory Certificate Services Web Enrollment Cross-Site Scripting Source: CCN Type: Microsoft Security Bulletin MS11-051 Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295) Source: CCN Type: BID-48175 Microsoft Active Directory Certificate Services Web Enrollment Cross-Site Scripting Vulnerability Source: MS Type: UNKNOWN MS11-051 Source: XF Type: UNKNOWN ms-win-active-directory-xss(67750) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:12749 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |