CVE-2011-5178: XSS
First published: Thu Sep 20 2012(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Infoblox NetMRI | =6.1.2 | |
| Infoblox NetMRI | =6.0.2.42 | |
| Infoblox NetMRI | <=6.2.1 | |
| Infoblox NetMRI | =6.2.1.48 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.infoblox.com/community/downloads/hotfix-v602-netmri-8831gpg
- http://www.infoblox.com/community/downloads/hotfix-v612-netmri-8831gpg
- http://seclists.org/fulldisclosure/2011/Nov/158
- http://secunia.com/advisories/46854
- http://www.infoblox.com/community/downloads/hotfix-v621-netmri-8831gpg
- http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss
- http://www.securitytracker.com/id?1026319
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/infoblox
- canonical/infoblox netmri
- version/infoblox netmri/6.1.2
- version/infoblox netmri/6.0.2.42
- version/infoblox netmri/6.2.1
- version/infoblox netmri/6.2.1.48