Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4038

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-4038
Last Modified 14 Feb 2012 12:00:00
Published 10 Feb 2012 02:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4038

Summary

Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Vulnerable Systems

Application

  • Dreamreport Dream Report 3.21

  • Dreamreport Dream Report 3.41

  • Dreamreport Dream Report 3.42

  • Dreamreport Dream Report 3.43

  • Invensys Wonderware Hmi Reports 3.42.835.0304

  • Ocean Data Systems Dream Report 3.21

  • Ocean Data Systems Dream Report 3.41

  • Ocean Data Systems Dream Report 3.42

  • Ocean Data Systems Dream Report 3.43


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf

SECUNIA - 47933

SECUNIA - 47742


Last Updated: 27 May 2016 10:58:14