CVE-2011-4024
published 2011-10-21CVE-2011-4024: Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML…
PriorityP424medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
4.70%
90.7th percentile
Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ocsinventory-server | < ocsinventory-server 2.0.2-1 (bookworm) | ocsinventory-server 2.0.2-1 (bookworm) |
| ocsinventory-ng | ocs_inventory_ng | <= 2.0.1 | — |
| ocsinventory-ng | ocs_inventory_ng | — | — |
| ocsinventory-ng | ocs_inventory_ng | — | — |
| ocsinventory-ng | ocs_inventory_ng | — | — |
| ocsinventory-ng | ocs_inventory_ng | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r8g7-7qwc-35qc: Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2
ghsa_unreviewed·2022-05-14
CVE-2011-4024 [MEDIUM] CWE-79 GHSA-r8g7-7qwc-35qc: Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2
Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
OSV
CVE-2011-4024: Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2
osv·2011-10-21·CVSS 4.3
CVE-2011-4024 [MEDIUM] CVE-2011-4024: Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2
Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Debian
CVE-2011-4024: ocsinventory-server - Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0...
vendor_debian·2011·CVSS 4.3
CVE-2011-4024 [MEDIUM] CVE-2011-4024: ocsinventory-server - Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0...
Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 2.0.2-1)
bullseye: resolved (fixed in 2.0.2-1)
sid: resolved (fixed in 2.0.2-1)
No detection rules found.
http://osvdb.org/76135http://secunia.com/advisories/46311http://securityreason.com/securityalert/8477http://www.exploit-db.com/exploits/18005http://www.mandriva.com/security/advisories?name=MDVSA-2012:053http://www.ocsinventory-ng.org/fr/accueil/nouvelles/version-2-0-2-stable.htmlhttp://www.securityfocus.com/bid/50011https://exchange.xforce.ibmcloud.com/vulnerabilities/70406http://osvdb.org/76135http://secunia.com/advisories/46311http://securityreason.com/securityalert/8477http://www.exploit-db.com/exploits/18005http://www.mandriva.com/security/advisories?name=MDVSA-2012:053http://www.ocsinventory-ng.org/fr/accueil/nouvelles/version-2-0-2-stable.htmlhttp://www.securityfocus.com/bid/50011https://exchange.xforce.ibmcloud.com/vulnerabilities/70406
2011-10-21
Published