{"api_version":"1","generated_at":"2026-05-06T15:46:10+00:00","cve":"CVE-2011-1896","urls":{"html":"https://cve.report/CVE-2011-1896","api":"https://cve.report/api/cve/CVE-2011-1896.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-1896","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-1896"},"summary":{"title":"CVE-2011-1896","description":"Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"ExcelTable Reflected XSS Vulnerability.\"","state":"PUBLISHED","assigner":"microsoft","published_at":"2011-10-12 02:52:43","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12197","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12197","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/76233","name":"http://osvdb.org/76233","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-079","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-079","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Security Bulletin MS11-079 - Important | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-1896","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1896","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"1896","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"forefront_unified_access_gateway","cpe6":"2010","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"1896","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"forefront_unified_access_gateway","cpe6":"2010","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"1896","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"forefront_unified_access_gateway","cpe6":"2010","cpe7":"update1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"1896","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"forefront_unified_access_gateway","cpe6":"2010","cpe7":"update2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T22:46:00.938Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"oval:org.mitre.oval:def:12197","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12197"},{"name":"MS11-079","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-079"},{"name":"76233","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/76233"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2011-10-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"ExcelTable Reflected XSS Vulnerability.\""}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-12T19:57:01.000Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"name":"oval:org.mitre.oval:def:12197","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12197"},{"name":"MS11-079","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-079"},{"name":"76233","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/76233"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2011-1896","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"ExcelTable Reflected XSS Vulnerability.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"oval:org.mitre.oval:def:12197","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12197"},{"name":"MS11-079","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-079"},{"name":"76233","refsource":"OSVDB","url":"http://osvdb.org/76233"}]}}}},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2011-1896","datePublished":"2011-10-12T01:00:00.000Z","dateReserved":"2011-05-04T00:00:00.000Z","dateUpdated":"2024-08-06T22:46:00.938Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2011-10-12 02:52:43","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:*:*:*:*:*:*:*","matchCriteriaId":"C17E843B-C2FE-433B-B37A-615494AAB211"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:sp1:*:*:*:*:*:*","matchCriteriaId":"96448A86-3D9B-488C-A95C-4CCAE1FE177D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:update1:*:*:*:*:*:*","matchCriteriaId":"8D9218D0-D3C5-400A-A8C4-C25160B746B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:update2:*:*:*:*:*:*","matchCriteriaId":"C8B9D477-AC0F-4271-ACEF-325C31E8BE40"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"1896","Ordinal":"1","Title":"CVE-2011-1896","CVE":"CVE-2011-1896","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"1896","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"ExcelTable Reflected XSS Vulnerability.\"","Type":"Description","Title":"CVE-2011-1896"},{"CveYear":"2011","CveId":"1896","Ordinal":"2","NoteData":"2011-10-11","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"1896","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}