{"api_version":"1","generated_at":"2026-04-23T09:51:14+00:00","cve":"CVE-2011-1976","urls":{"html":"https://cve.report/CVE-2011-1976","api":"https://cve.report/api/cve/CVE-2011-1976.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-1976","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-1976"},"summary":{"title":"CVE-2011-1976","description":"Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka \"Report Viewer Controls XSS Vulnerability.\"","state":"PUBLIC","assigner":"secure@microsoft.com","published_at":"2011-08-10 21:55:00","updated_at":"2018-10-12 22:01:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270","name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"Document Display | HPE Support Center","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773","name":"oval:org.mitre.oval:def:12773","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=145326307707460&w=2","name":"HPSBGN03534","refsource":"HP","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA11-221A.html","name":"TA11-221A","refsource":"CERT","tags":["Third Party Advisory","US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA11-221A -- Microsoft Updates for Multiple Vulnerabilities","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067","name":"MS11-067","refsource":"MS","tags":[],"title":"Microsoft Security Bulletin MS11-067 - Important | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/49033","name":"49033","refsource":"BID","tags":[],"title":"Microsoft Visual Studio Report Viewer Control Multiple Cross Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-1976","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1976","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"1976","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"report_viewer","cpe6":"2005","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"1976","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"report_viewer","cpe6":"2005","cpe7":"sp1","cpe8":"redistributable_package","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"1976","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"report_viewer","cpe6":"2005","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"1976","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"report_viewer","cpe6":"2005","cpe7":"sp1","cpe8":"redistributable_package","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"1976","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_studio","cpe6":"2005","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"1976","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_studio","cpe6":"2005","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2011-1976","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka \"Report Viewer Controls XSS Vulnerability.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"MS11-067","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067"},{"name":"HPSBGN03534","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=145326307707460&w=2"},{"name":"oval:org.mitre.oval:def:12773","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773"},{"name":"49033","refsource":"BID","url":"http://www.securityfocus.com/bid/49033"},{"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270","refsource":"CONFIRM","url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270"},{"name":"TA11-221A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA11-221A.html"}]}},"nvd":{"publishedDate":"2011-08-10 21:55:00","lastModifiedDate":"2018-10-12 22:01:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:report_viewer:2005:sp1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"1976","Ordinal":"49174","Title":"CVE-2011-1976","CVE":"CVE-2011-1976","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"1976","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka \"Report Viewer Controls XSS Vulnerability.\"","Type":"Description","Title":null},{"CveYear":"2011","CveId":"1976","Ordinal":"2","NoteData":"2011-08-10","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"1976","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}