Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5285

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-5285
Last Modified 02 Jan 2015 07:36:13
Published 31 Dec 2014 09:59:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5285

Summary

Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the ActionType parameter to Bug.php, the ReportMode parameter to (2) Report.php or (3) ReportLeft.php, or the PATH_INFO to (4) AdminProjectList.php, (5) AdminGroupList.php, or (6) AdminUserLogList.php.

Vulnerable Systems

Application

  • Bugfree 2.1.3


References

MISC - https://www.htbridge.com/advisory/HTB23048


Last Updated: 27 May 2016 11:07:23