Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4923

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-4923
Last Modified 28 Nov 2012 12:00:00
Published 17 Feb 2012 07:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4923

Summary

Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than CVE-2011-3361.

Vulnerable Systems

Application

  • Craig Barratt Backuppc 3.0.0

  • Craig Barratt Backuppc 3.1.0

  • Craig Barratt Backuppc 3.2.0

  • Craig Barratt Backuppc 3.2.1


References

XF - backuppc-num-xss(71030)

BID - 50406

MLIST - [oss-security] 20120104 Re: CVE Request: Security issue in backuppc

MLIST - [oss-security] 20111027 CVE Request: Security issue in backuppc

UBUNTU - USN-1249-1

SECUNIA - 46615


Last Updated: 27 May 2016 10:58:18