Vulnerability Details CVE-2011-5178
Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.1%
CVSS Severity
CVSS v2 Score 4.3
References
- http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss
- http://seclists.org/fulldisclosure/2011/Nov/158
- http://secunia.com/advisories/46854
- http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg
- http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg
- http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg
- http://www.securitytracker.com/id?1026319
- http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss
- http://seclists.org/fulldisclosure/2011/Nov/158
- http://secunia.com/advisories/46854
- http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg
- http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg
- http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg
- http://www.securitytracker.com/id?1026319
Products affected by CVE-2011-5178
-
cpe:2.3:a:infoblox:netmri:6.0.2.42
-
cpe:2.3:a:infoblox:netmri:6.1.2
-
cpe:2.3:a:infoblox:netmri:6.2.1
-
cpe:2.3:a:infoblox:netmri:6.2.1.48