CVE-2011-0767

Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
impervasecuresphere_web_application_firewall
6.2
impervasecuresphere_web_application_firewall
7.0
impervasecuresphere_web_application_firewall
7.0.0.7061
impervasecuresphere_web_application_firewall
7.0.0.7078
impervasecuresphere_web_application_firewall
7.5
impervasecuresphere_web_application_firewall
8.0
impervasecuresphere_web_application_firewall
8.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/44772
http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html
http://www.kb.cert.org/vuls/id/567774
http://www.secureworks.com/research/advisories/SWRX-2011-001/
https://exchange.xforce.ibmcloud.com/vulnerabilities/67779
http://secunia.com/advisories/44772
http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html
http://www.kb.cert.org/vuls/id/567774
http://www.secureworks.com/research/advisories/SWRX-2011-001/
https://exchange.xforce.ibmcloud.com/vulnerabilities/67779