CVE-2011-1660

Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web script or HTML via (1) the reportName or (2) uniqueId parameter to CoreViewerInit.js, or the (3) uniqueId or (4) traceLevel parameter to CoreController.js, as reachable by CoreHandler.ashx.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
grapecitydata_dynamics_reports
𝑥
≤ 1.6.1871.61
grapecitydata_dynamics_reports
0.5.125.0:beta1
grapecitydata_dynamics_reports
0.5.142.0:beta2
grapecitydata_dynamics_reports
1.0.30.0
grapecitydata_dynamics_reports
1.0.63.0
grapecitydata_dynamics_reports
1.0.128.0
grapecitydata_dynamics_reports
1.0.175.0:beta
grapecitydata_dynamics_reports
1.0.195.0:beta
grapecitydata_dynamics_reports
1.0.236.0:beta
grapecitydata_dynamics_reports
1.0.261.0:rc
grapecitydata_dynamics_reports
1.0.342.0:rc
grapecitydata_dynamics_reports
1.0.419.0
grapecitydata_dynamics_reports
1.0.441.0
grapecitydata_dynamics_reports
1.0.546.0
grapecitydata_dynamics_reports
1.5.711.0
grapecitydata_dynamics_reports
1.5.750.0
grapecitydata_dynamics_reports
1.5.807.0
grapecitydata_dynamics_reports
1.5.866.0
grapecitydata_dynamics_reports
1.5.905.0
grapecitydata_dynamics_reports
1.5.1052.0
grapecitydata_dynamics_reports
1.6.1818.0
grapecitydata_dynamics_reports
1.6.1818.8
grapecitydata_dynamics_reports
1.6.1871.8
grapecitydata_dynamics_reports
1.6.1871.24
grapecitydata_dynamics_reports
1.6.1871.45
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/43953
http://securityreason.com/securityalert/8190
http://www.gcpowertools.com/DownloadLatestVersion
http://www.osvdb.org/71488
http://www.securityfocus.com/archive/1/517244/100/0/threaded
http://www.securityfocus.com/bid/47015
https://exchange.xforce.ibmcloud.com/vulnerabilities/66545
http://secunia.com/advisories/43953
http://securityreason.com/securityalert/8190
http://www.gcpowertools.com/DownloadLatestVersion
http://www.osvdb.org/71488
http://www.securityfocus.com/archive/1/517244/100/0/threaded
http://www.securityfocus.com/bid/47015
https://exchange.xforce.ibmcloud.com/vulnerabilities/66545