Vulnerability Details CVE-2011-1952
common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a< sequence.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 74.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://javierb.com.ar/2011/06/01/postrev-vunls/
- http://postrev.com.ar/verpost.php?id_noticia=59
- http://securityreason.com/securityalert/8270
- http://www.securityfocus.com/archive/1/518205/100/0/threaded
- http://www.securityfocus.com/bid/47967
- http://javierb.com.ar/2011/06/01/postrev-vunls/
- http://postrev.com.ar/verpost.php?id_noticia=59
- http://securityreason.com/securityalert/8270
- http://www.securityfocus.com/archive/1/518205/100/0/threaded
- http://www.securityfocus.com/bid/47967
Products affected by CVE-2011-1952
-
cpe:2.3:a:postrev:post_revolution:*
-
cpe:2.3:a:postrev:post_revolution:0.6.2
-
cpe:2.3:a:postrev:post_revolution:0.6.3
-
cpe:2.3:a:postrev:post_revolution:0.6.4
-
cpe:2.3:a:postrev:post_revolution:0.6.5
-
cpe:2.3:a:postrev:post_revolution:0.6.6
-
cpe:2.3:a:postrev:post_revolution:0.7.0
-
cpe:2.3:a:postrev:post_revolution:0.8.0
-
cpe:2.3:a:postrev:post_revolution:0.8.0b