CVE-2011-1558

Current Description

Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242.

Basic Data

PublishedApril 05, 2011
Last ModifiedApril 05, 2011
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-79
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score4.3
SeverityMEDIUM
Exploitability Score8.6
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationIbmWebi1.0.4*******
    2.3ApplicationIbmWebi1.0.4fp1******
    2.3ApplicationIbmWebi1.0.4fp2******

Vulnerable Software List

VendorProductVersions
Ibm Webi 1.0.4

References

NameSourceURLTags
43993http://secunia.com/advisories/43993SECUNIAVendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg24029060http://www.ibm.com/support/docview.wss?uid=swg24029060CONFIRM
ADV-2011-0834http://www.vupen.com/english/advisories/2011/0834VUPENVendor Advisory
IO13663http://www-01.ibm.com/support/docview.wss?uid=swg1IO13663AIXAPAR