Vulnerability Details CVE-2011-1953
Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, an (8) OL, a (9) VIDEO, or a (10) BLOCKQUOTE element.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://javierb.com.ar/2011/06/01/postrev-vunls/
- http://postrev.com.ar/verpost.php?id_noticia=59
- http://securityreason.com/securityalert/8270
- http://www.securityfocus.com/archive/1/518205/100/0/threaded
- http://www.securityfocus.com/bid/47967
- http://javierb.com.ar/2011/06/01/postrev-vunls/
- http://postrev.com.ar/verpost.php?id_noticia=59
- http://securityreason.com/securityalert/8270
- http://www.securityfocus.com/archive/1/518205/100/0/threaded
- http://www.securityfocus.com/bid/47967
Products affected by CVE-2011-1953
-
cpe:2.3:a:postrev:post_revolution:*
-
cpe:2.3:a:postrev:post_revolution:0.6.2
-
cpe:2.3:a:postrev:post_revolution:0.6.3
-
cpe:2.3:a:postrev:post_revolution:0.6.4
-
cpe:2.3:a:postrev:post_revolution:0.6.5
-
cpe:2.3:a:postrev:post_revolution:0.6.6
-
cpe:2.3:a:postrev:post_revolution:0.7.0
-
cpe:2.3:a:postrev:post_revolution:0.8.0
-
cpe:2.3:a:postrev:post_revolution:0.8.0b