CVE-2011-1953
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
06/06/2011
Last modified:
11/04/2025
Description
Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, an (8) OL, a (9) VIDEO, or a (10) BLOCKQUOTE element.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:postrev:post_revolution:*:*:*:*:*:*:*:* | 0.8.0c (including) | |
| cpe:2.3:a:postrev:post_revolution:0.6.2:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:postrev:post_revolution:0.6.3:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:postrev:post_revolution:0.6.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:postrev:post_revolution:0.6.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:postrev:post_revolution:0.6.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:postrev:post_revolution:0.7.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:postrev:post_revolution:0.7.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:postrev:post_revolution:0.7.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:a:postrev:post_revolution:0.7.0:rc4:*:*:*:*:*:* | ||
| cpe:2.3:a:postrev:post_revolution:0.8.0:alpha:*:*:*:*:*:* | ||
| cpe:2.3:a:postrev:post_revolution:0.8.0b:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://javierb.com.ar/2011/06/01/postrev-vunls/
- http://postrev.com.ar/verpost.php?id_noticia=59
- http://securityreason.com/securityalert/8270
- http://www.securityfocus.com/archive/1/518205/100/0/threaded
- http://www.securityfocus.com/bid/47967
- http://javierb.com.ar/2011/06/01/postrev-vunls/
- http://postrev.com.ar/verpost.php?id_noticia=59
- http://securityreason.com/securityalert/8270
- http://www.securityfocus.com/archive/1/518205/100/0/threaded
- http://www.securityfocus.com/bid/47967