Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3684

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-3684
Last Modified 21 May 2012 12:00:00
Published 27 Sep 2011 03:55:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3684

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid parameter to reports-config-by-device.asp, (4) the siteid parameter to reports-config-by-monitor.asp, (5) the siteid parameter to reports-monitoring-queue.asp, (6) the action parameter to site-list.asp, the (7) siteid or (8) type parameter to event-history.asp, the (9) siteid or (10) type parameter to admin-history.asp, the (11) siteid or (12) id parameter to dashboard-view.asp, the (13) siteid or (14) dn parameter to device-events.asp, the (15) siteid or (16) submit parameter to device-finder.asp, the (17) siteid or (18) dn parameter to device-monitors.asp, the (19) siteid or (20) type parameter to device-views.asp, the (21) siteid or (22) type parameter to monitor-views.asp, the (23) siteid or (24) sel parameter to reports-list.asp, the (25) siteid, (26) action, or (27) sel parameter to monitor-list.asp, or the (28) siteid, (29) action, or (30) sel parameter to device-list.asp.

Vulnerable Systems

Application

  • Tembria Server Monitor 4.0.6

  • Tembria Server Monitor 4.0.7

  • Tembria Server Monitor 4.1.0

  • Tembria Server Monitor 4.1.1

  • Tembria Server Monitor 4.1.2

  • Tembria Server Monitor 4.1.3

  • Tembria Server Monitor 4.2

  • Tembria Server Monitor 4.2.1

  • Tembria Server Monitor 4.3

  • Tembria Server Monitor 4.3.1

  • Tembria Server Monitor 4.3.2

  • Tembria Server Monitor 4.3.3

  • Tembria Server Monitor 5.0

  • Tembria Server Monitor 5.0.0

  • Tembria Server Monitor 5.0.1

  • Tembria Server Monitor 5.0.2

  • Tembria Server Monitor 5.0.3

  • Tembria Server Monitor 5.0.4

  • Tembria Server Monitor 5.0.5

  • Tembria Server Monitor 5.1.0

  • Tembria Server Monitor 5.1.1

  • Tembria Server Monitor 5.1.2

  • Tembria Server Monitor 5.1.3

  • Tembria Server Monitor 5.2.0

  • Tembria Server Monitor 5.2.1

  • Tembria Server Monitor 5.2.2

  • Tembria Server Monitor 5.2.3

  • Tembria Server Monitor 5.2.4

  • Tembria Server Monitor 5.2.5

  • Tembria Server Monitor 5.3.0

  • Tembria Server Monitor 5.3.1

  • Tembria Server Monitor 5.3.2

  • Tembria Server Monitor 5.3.3

  • Tembria Server Monitor 5.3.4

  • Tembria Server Monitor 5.3.5

  • Tembria Server Monitor 5.3.6

  • Tembria Server Monitor 5.5.0

  • Tembria Server Monitor 5.5.1

  • Tembria Server Monitor 5.5.2

  • Tembria Server Monitor 5.5.3

  • Tembria Server Monitor 5.6.0

  • Tembria Server Monitor 5.6.1

  • Tembria Server Monitor 5.6.2

  • Tembria Server Monitor 5.6.3

  • Tembria Server Monitor 6.0.0

  • Tembria Server Monitor 6.0.1

  • Tembria Server Monitor 6.0.2

  • Tembria Server Monitor 6.0.3

  • Tembria Server Monitor 6.0.4


References

MISC - http://www.solutionary.com/index/SERT/Vuln-Disclosures/Tembria-Server-Monitor-XSS.html


Last Updated: 27 May 2016 10:57:44