CVE-2011-3206

EUVD-2011-3170
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
redhatjboss_operations_network
𝑥
≤ 2.4.1
redhatjboss_operations_network
2.0.0
redhatjboss_operations_network
2.0.1
redhatjboss_operations_network
2.1.0
redhatjboss_operations_network
2.2
redhatjboss_operations_network
2.3
redhatjboss_operations_network
2.3.1
redhatjboss_operations_network
2.4
rhq-projectrhq
4.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2012-0089.html
http://secunia.com/advisories/47197
http://secunia.com/advisories/47280
http://securitytracker.com/id?1026435
https://bugzilla.redhat.com/show_bug.cgi?id=734662
http://rhn.redhat.com/errata/RHSA-2012-0089.html
http://secunia.com/advisories/47197
http://secunia.com/advisories/47280
http://securitytracker.com/id?1026435
https://bugzilla.redhat.com/show_bug.cgi?id=734662