CVE-2011-4345
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
30/11/2011
Last modified:
11/04/2025
Description
Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie.
Impact
Base Score 2.0
2.60
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:namazu:namazu:*:*:*:*:*:*:*:* | 2.0.20 (including) | |
| cpe:2.3:a:namazu:namazu:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:namazu:namazu:2.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:namazu:namazu:2.0.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:namazu:namazu:2.0.13:*:*:*:*:*:*:* | ||
| cpe:2.3:a:namazu:namazu:2.0.14:*:*:*:*:*:*:* | ||
| cpe:2.3:a:namazu:namazu:2.0.15:*:*:*:*:*:*:* | ||
| cpe:2.3:a:namazu:namazu:2.0.16:*:*:*:*:*:*:* | ||
| cpe:2.3:a:namazu:namazu:2.0.17:*:*:*:*:*:*:* | ||
| cpe:2.3:a:namazu:namazu:2.0.18:*:*:*:*:*:*:* | ||
| cpe:2.3:a:namazu:namazu:2.0.19:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/46925
- http://www.namazu.org/security.html#cross-site-scripting
- http://www.securityfocus.com/bid/50771
- https://bugzilla.redhat.com/show_bug.cgi?id=756348
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- http://secunia.com/advisories/46925
- http://www.namazu.org/security.html#cross-site-scripting
- http://www.securityfocus.com/bid/50771
- https://bugzilla.redhat.com/show_bug.cgi?id=756348
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722