CVE-2011-5178

Summary

CVE	CVE-2011-5178
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2012-09-20 10:55:00 UTC
Updated	2012-12-17 05:00:00 UTC
Description	Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter.

Risk And Classification

Problem Types: CWE-79

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Infoblox	Netmri	6.0.2.42	All	All	All
Application	Infoblox	Netmri	6.1.2	All	All	All
Application	Infoblox	Netmri	6.2.1.48	All	All	All
Application	Infoblox	Netmri	6.0.2.42	All	All	All
Application	Infoblox	Netmri	6.1.2	All	All	All
Application	Infoblox	Netmri	6.2.1.48	All	All	All
Application	Infoblox	Netmri	All	All	All	All

References

Reference	Source	Link	Tags
Page Not Found \| Raytheon	MISC	foregroundsecurity.com	Exploit
Full Disclosure: [FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities	FULLDISC	seclists.org	Exploit
About Secunia Research \| Flexera	SECUNIA	secunia.com	Vendor Advisory
Infoblox NetMRI Input Validation Flaw in Login Page Permits Cross-Site Scripting Attacks - SecurityTracker	SECTRACK	www.securitytracker.com	Exploit
Home - Infoblox Experts Community	CONFIRM	www.infoblox.com	Vendor Advisory
Home - Infoblox Experts Community	CONFIRM	www.infoblox.com	Vendor Advisory
Home - Infoblox Experts Community	CONFIRM	www.infoblox.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.