| Vulnerability Name: | CVE-2011-2644 (CCN-69279) |
| Assigned: | 2011-08-18 |
| Published: | 2011-08-18 |
| Updated: | 2017-08-29 |
| Summary: | Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display. |
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) |
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N); 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C); 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C) |
| Vulnerability Type: | CWE-79 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2011-2644; Source: CCN Type: KIWI Web site KIWI; Source: CCN Type: opensuse-security-announce Mailing List, Thu, 18 Aug 2011 09:08:24 +0200 (CEST) SUSE-SU-2011:0917-1: critical: Security update for kiwi; Source: SUSE Type: UNKNOWN SUSE-SU-2011:0917; Source: CONFIRM Type: UNKNOWN http://support.novell.com/security/cve/CVE-2011-2644.html; Source: CCN Type: OSVDB ID: 74760 Kiwi RPM Info Display Unspecified XSS; Source: BID Type: UNKNOWN 49236; Source: CCN Type: BID-49236 Kiwi Multiple Remote Code Execution, HTML Injection and Local File Inclusion Vulnerabilities; Source: CONFIRM Type: UNKNOWN https://bugzilla.novell.com/show_bug.cgi?id=700591; Source: XF Type: UNKNOWN kiwi-rpm-xss(69279) |
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable |