CVE-2011-4345 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	2.6 UNKNOWN	NETWORK	HIGH		AV:N/AC:H/Au:N/C:N/I:P/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 62%

Vendor	Product	Version
namazu	namazu	𝑥 ≤ 2.0.20
namazu	namazu	2.0
namazu	namazu	2.0.2
namazu	namazu	2.0.12
namazu	namazu	2.0.13
namazu	namazu	2.0.14
namazu	namazu	2.0.15
namazu	namazu	2.0.16
namazu	namazu	2.0.17
namazu	namazu	2.0.18
namazu	namazu	2.0.19

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

namazu2

bookworm	2.0.21-23 fixed
bullseye	2.0.21-23 fixed
squeeze	no-dsa
sid	2.0.21-25 fixed
trixie	2.0.21-25 fixed

Ubuntu Releases

Ubuntu Product

Codename

namazu2

saucy	not-affected
raring	not-affected
quantal	not-affected
precise	not-affected
oneiric	not-affected
natty	ignored
maverick	ignored
lucid	ignored
hardy	ignored

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://secunia.com/advisories/46925

http://www.namazu.org/security.html#cross-site-scripting

http://www.securityfocus.com/bid/50771

https://bugzilla.redhat.com/show_bug.cgi?id=756348

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

http://secunia.com/advisories/46925

http://www.namazu.org/security.html#cross-site-scripting

http://www.securityfocus.com/bid/50771

https://bugzilla.redhat.com/show_bug.cgi?id=756348

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722