CVE-2011-3199

Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the "Domain root TXT record:" field.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
gplhostdomain_technologie_control
𝑥
≤ 0.32.11
gplhostdomain_technologie_control
0.24.6
gplhostdomain_technologie_control
0.25.1
gplhostdomain_technologie_control
0.25.2
gplhostdomain_technologie_control
0.25.3
gplhostdomain_technologie_control
0.26.7
gplhostdomain_technologie_control
0.26.8
gplhostdomain_technologie_control
0.26.9
gplhostdomain_technologie_control
0.27.3
gplhostdomain_technologie_control
0.28.2
gplhostdomain_technologie_control
0.28.3
gplhostdomain_technologie_control
0.28.4
gplhostdomain_technologie_control
0.28.6
gplhostdomain_technologie_control
0.28.9
gplhostdomain_technologie_control
0.28.10
gplhostdomain_technologie_control
0.29.1
gplhostdomain_technologie_control
0.29.6
gplhostdomain_technologie_control
0.29.8
gplhostdomain_technologie_control
0.29.10
gplhostdomain_technologie_control
0.29.14
gplhostdomain_technologie_control
0.29.15
gplhostdomain_technologie_control
0.29.16
gplhostdomain_technologie_control
0.29.17
gplhostdomain_technologie_control
0.30.6
gplhostdomain_technologie_control
0.30.8
gplhostdomain_technologie_control
0.30.10
gplhostdomain_technologie_control
0.30.18
gplhostdomain_technologie_control
0.30.20
gplhostdomain_technologie_control
0.32.1
gplhostdomain_technologie_control
0.32.2
gplhostdomain_technologie_control
0.32.3
gplhostdomain_technologie_control
0.32.4
gplhostdomain_technologie_control
0.32.5
gplhostdomain_technologie_control
0.32.6
gplhostdomain_technologie_control
0.32.7
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dtc
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
dne
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3
http://www.debian.org/security/2011/dsa-2365
http://www.openwall.com/lists/oss-security/2011/08/13/1
http://www.openwall.com/lists/oss-security/2011/08/24/10
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637584
http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3
http://www.debian.org/security/2011/dsa-2365
http://www.openwall.com/lists/oss-security/2011/08/13/1
http://www.openwall.com/lists/oss-security/2011/08/24/10
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637584