CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2011-4038

Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.02

EPSS Ranking 83.0%

CVSS Severity

CVSS v2 Score 4.3

References

http://secunia.com/advisories/47742
http://secunia.com/advisories/47933
http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf
http://secunia.com/advisories/47742
http://secunia.com/advisories/47933
http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf

Products affected by CVE-2011-4038

Dreamreport » Dream Report » Version: Any

cpe:2.3:a:dreamreport:dream_report:*
Dreamreport » Dream Report » Version: 3.21

cpe:2.3:a:dreamreport:dream_report:3.21
Dreamreport » Dream Report » Version: 3.41

cpe:2.3:a:dreamreport:dream_report:3.41
Dreamreport » Dream Report » Version: 3.42

cpe:2.3:a:dreamreport:dream_report:3.42
Invensys » Wonderware Hmi Reports » Version: Any

cpe:2.3:a:invensys:wonderware_hmi_reports:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-4038

Products

Pricing

Contact Us