VAR-201103-0172
Vulnerability from variot - Updated: 2023-12-18 13:57Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view. Loggerhead is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks. Loggerhead versions prior to 1.18.1 are vulnerable. The following print servers are affected: Encore ENPS-2012 TP-Link TL-PS110U TP Link TL-PS110P Planex Mini-300PU Planex Mini100s ZO Tech PA101 Fast Parallel Port Print Server ZO Tech PU201 Fast USB Print Server ZO Tech PA301 Parallel Port Print Server ZO Tech PS531 USB and Parallel Print Server Longshine Multiple Print Server ZOT-PS-47/9.8.0015 Longshine Multiple Print Server ZOT-PS-35/6.2.0001 Longshine Multiple Print Server ZOT-PS-39/6.3.000. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.
For more information: SA43822
SOLUTION: Apply updated packages via the yum utility ("yum update loggerhead"). ----------------------------------------------------------------------
Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March).
http://secunia.com/company/events/mms_2011/
TITLE: Loggerhead Filename Script Insertion Vulnerability
SECUNIA ADVISORY ID: SA43822
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43822/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43822
RELEASE DATE: 2011-03-25
DISCUSS ADVISORY: http://secunia.com/advisories/43822/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43822/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43822
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: daveb has reported a vulnerability in loggerhead, which can be exploited by malicious users to conduct script insertion attacks.
Input related to the filename is not properly sanitised in loggerhead/templatefunctions.py before being used to display a filename in a revision view.
The vulnerability has been reported in version 1.18.
SOLUTION: Update to version 1.18.1.
PROVIDED AND/OR DISCOVERED BY: Reported by daveb in a bug report.
ORIGINAL ADVISORY: https://launchpad.net/loggerhead/1.18/1.18.1 https://bugs.launchpad.net/loggerhead/+bug/740142
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201103-0172",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "loggerhead",
"scope": "eq",
"trust": 1.6,
"vendor": "michael hudson doyle",
"version": "1.6.1"
},
{
"model": "loggerhead",
"scope": "eq",
"trust": 1.6,
"vendor": "michael hudson doyle",
"version": "1.17"
},
{
"model": "loggerhead",
"scope": "eq",
"trust": 1.6,
"vendor": "michael hudson doyle",
"version": "1.6"
},
{
"model": "loggerhead",
"scope": "eq",
"trust": 1.6,
"vendor": "michael hudson doyle",
"version": "1.10"
},
{
"model": "loggerhead",
"scope": "lte",
"trust": 1.0,
"vendor": "michael hudson doyle",
"version": "1.18"
},
{
"model": "loggerhead",
"scope": "lt",
"trust": 0.8,
"vendor": "michael hudson doyle",
"version": "1.18.1"
},
{
"model": "loggerhead",
"scope": "eq",
"trust": 0.6,
"vendor": "michael hudson doyle",
"version": "1.18"
},
{
"model": "loggerhead",
"scope": "eq",
"trust": 0.3,
"vendor": "loggerhead",
"version": "1.18"
},
{
"model": "loggerhead",
"scope": "ne",
"trust": 0.3,
"vendor": "loggerhead",
"version": "1.18.1"
},
{
"model": "tech zot-ps-47",
"scope": "eq",
"trust": 0.3,
"vendor": "zo",
"version": "9.8.0016"
},
{
"model": "tech zot-ps-39",
"scope": "eq",
"trust": 0.3,
"vendor": "zo",
"version": "6.3.0007"
},
{
"model": "tech zot-ps-34",
"scope": "eq",
"trust": 0.3,
"vendor": "zo",
"version": "8.3.0019"
},
{
"model": "tech zot-ps-30",
"scope": "eq",
"trust": 0.3,
"vendor": "zo",
"version": "8.3.0016"
},
{
"model": "tl-ps110u",
"scope": "eq",
"trust": 0.3,
"vendor": "tp link",
"version": "0"
},
{
"model": "tl-ps110p",
"scope": "eq",
"trust": 0.3,
"vendor": "tp link",
"version": "0"
},
{
"model": "mini100s",
"scope": "eq",
"trust": 0.3,
"vendor": "planex",
"version": "0"
},
{
"model": "mini-300pu",
"scope": "eq",
"trust": 0.3,
"vendor": "planex",
"version": "0"
},
{
"model": "nps-2012 print server",
"scope": "eq",
"trust": 0.3,
"vendor": "encore",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "47032"
},
{
"db": "BID",
"id": "47143"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"db": "NVD",
"id": "CVE-2011-0728"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-335"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:michael_hudson-doyle:loggerhead:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:michael_hudson-doyle:loggerhead:1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:michael_hudson-doyle:loggerhead:1.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:michael_hudson-doyle:loggerhead:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:michael_hudson-doyle:loggerhead:1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0728"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "daveb",
"sources": [
{
"db": "BID",
"id": "47032"
}
],
"trust": 0.3
},
"cve": "CVE-2011-0728",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-0728",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-0728",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201103-335",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"db": "NVD",
"id": "CVE-2011-0728"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-335"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view. Loggerhead is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks. \nLoggerhead versions prior to 1.18.1 are vulnerable. \nThe following print servers are affected:\nEncore ENPS-2012\nTP-Link TL-PS110U\nTP Link TL-PS110P\nPlanex Mini-300PU\nPlanex Mini100s\nZO Tech PA101 Fast Parallel Port Print Server\nZO Tech PU201 Fast USB Print Server\nZO Tech PA301 Parallel Port Print Server\nZO Tech PS531 USB and Parallel Print Server\nLongshine Multiple Print Server ZOT-PS-47/9.8.0015\nLongshine Multiple Print Server ZOT-PS-35/6.2.0001\nLongshine Multiple Print Server ZOT-PS-39/6.3.000. This fixes a\nvulnerability, which can be exploited by malicious users to conduct\nscript insertion attacks. \n\nFor more information:\nSA43822\n\nSOLUTION:\nApply updated packages via the yum utility (\"yum update loggerhead\"). ----------------------------------------------------------------------\n\n\nMeet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). \n\nhttp://secunia.com/company/events/mms_2011/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nLoggerhead Filename Script Insertion Vulnerability\n\nSECUNIA ADVISORY ID:\nSA43822\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43822/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43822\n\nRELEASE DATE:\n2011-03-25\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43822/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43822/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43822\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\ndaveb has reported a vulnerability in loggerhead, which can be\nexploited by malicious users to conduct script insertion attacks. \n\nInput related to the filename is not properly sanitised in\nloggerhead/templatefunctions.py before being used to display a\nfilename in a revision view. \n\nThe vulnerability has been reported in version 1.18. \n\nSOLUTION:\nUpdate to version 1.18.1. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by daveb in a bug report. \n\nORIGINAL ADVISORY:\nhttps://launchpad.net/loggerhead/1.18/1.18.1\nhttps://bugs.launchpad.net/loggerhead/+bug/740142\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0728"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"db": "BID",
"id": "47032"
},
{
"db": "BID",
"id": "47143"
},
{
"db": "PACKETSTORM",
"id": "100083"
},
{
"db": "PACKETSTORM",
"id": "99744"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-0728",
"trust": 3.0
},
{
"db": "BID",
"id": "47032",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "43822",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "71279",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "44017",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0849",
"trust": 1.0
},
{
"db": "VUPEN",
"id": "ADV-2011-0848",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004224",
"trust": 0.8
},
{
"db": "XF",
"id": "66305",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201103-335",
"trust": 0.6
},
{
"db": "BID",
"id": "47143",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "100083",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "99744",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "47032"
},
{
"db": "BID",
"id": "47143"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"db": "PACKETSTORM",
"id": "100083"
},
{
"db": "PACKETSTORM",
"id": "99744"
},
{
"db": "NVD",
"id": "CVE-2011-0728"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-335"
}
]
},
"id": "VAR-201103-0172",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2023-12-18T13:57:59.759000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug #740142",
"trust": 0.8,
"url": "https://bugs.launchpad.net/loggerhead/+bug/740142"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"db": "NVD",
"id": "CVE-2011-0728"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://launchpad.net/loggerhead/1.18/1.18.1"
},
{
"trust": 2.0,
"url": "https://bugs.launchpad.net/loggerhead/+bug/740142"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/43822"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/71279"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/47032"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-april/057479.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-april/057502.html"
},
{
"trust": 1.0,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-april/057413.html"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/44017"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2011/0848"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2011/0849"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66305"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0728"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0728"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/66305"
},
{
"trust": 0.3,
"url": "https://launchpad.net/loggerhead"
},
{
"trust": 0.3,
"url": "http://www.encore-usa.com"
},
{
"trust": 0.3,
"url": "http://www.longshine.de"
},
{
"trust": 0.3,
"url": "http://www.planex.net"
},
{
"trust": 0.3,
"url": "http://www.tp-link.com"
},
{
"trust": 0.3,
"url": "http://www.zot.com.tw/"
},
{
"trust": 0.2,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44017/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44017"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44017/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/resources/factsheets/2011_vendor/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/43822/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/events/mms_2011/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43822"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/43822/"
}
],
"sources": [
{
"db": "BID",
"id": "47032"
},
{
"db": "BID",
"id": "47143"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"db": "PACKETSTORM",
"id": "100083"
},
{
"db": "PACKETSTORM",
"id": "99744"
},
{
"db": "NVD",
"id": "CVE-2011-0728"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-335"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "47032"
},
{
"db": "BID",
"id": "47143"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"db": "PACKETSTORM",
"id": "100083"
},
{
"db": "PACKETSTORM",
"id": "99744"
},
{
"db": "NVD",
"id": "CVE-2011-0728"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-335"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-24T00:00:00",
"db": "BID",
"id": "47032"
},
{
"date": "2011-04-04T00:00:00",
"db": "BID",
"id": "47143"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"date": "2011-04-05T09:58:32",
"db": "PACKETSTORM",
"id": "100083"
},
{
"date": "2011-03-26T09:15:16",
"db": "PACKETSTORM",
"id": "99744"
},
{
"date": "2011-03-29T18:55:01.723000",
"db": "NVD",
"id": "CVE-2011-0728"
},
{
"date": "2011-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201103-335"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-13T22:15:00",
"db": "BID",
"id": "47032"
},
{
"date": "2011-04-04T00:00:00",
"db": "BID",
"id": "47143"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"date": "2017-08-17T01:33:42.727000",
"db": "NVD",
"id": "CVE-2011-0728"
},
{
"date": "2011-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201103-335"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "47032"
},
{
"db": "BID",
"id": "47143"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Loggerhead of templatefunctions.py Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "47032"
},
{
"db": "BID",
"id": "47143"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.