{"api_version":"1","generated_at":"2026-04-23T04:09:35+00:00","cve":"CVE-2011-3320","urls":{"html":"https://cve.report/CVE-2011-3320","api":"https://cve.report/api/cve/CVE-2011-3320.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-3320","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-3320"},"summary":{"title":"CVE-2011-3320","description":"Cross-site scripting (XSS) vulnerability in the Web Administrator component in GE Intelligent Platforms Proficy Historian 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.","state":"PUBLIC","assigner":"cert@cert.org","published_at":"2011-11-02 17:55:00","updated_at":"2011-11-17 05:00:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-02.pdf","name":"http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-02.pdf","refsource":"MISC","tags":["US Government Resource"],"title":"404 - File Not Found | CISA","mime":"application/pdf","httpstatus":"404","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/50473","name":"50473","refsource":"BID","tags":[],"title":"GE Proficy Historian Web Administrator Cross Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-3320","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3320","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"3320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ge","cpe5":"intelligent_platforms_proficy_historian","cpe6":"3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ge","cpe5":"intelligent_platforms_proficy_historian","cpe6":"3.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3320","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ge","cpe5":"intelligent_platforms_proficy_historian","cpe6":"3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3320","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ge","cpe5":"intelligent_platforms_proficy_historian","cpe6":"3.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3320","vulnerable":"1","versionEndIncluding":"4.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ge","cpe5":"intelligent_platforms_proficy_historian","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2011-3320","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the Web Administrator component in GE Intelligent Platforms Proficy Historian 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-02.pdf","refsource":"MISC","url":"http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-02.pdf"},{"name":"50473","refsource":"BID","url":"http://www.securityfocus.com/bid/50473"}]}},"nvd":{"publishedDate":"2011-11-02 17:55:00","lastModifiedDate":"2011-11-17 05:00:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ge:intelligent_platforms_proficy_historian:3.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ge:intelligent_platforms_proficy_historian:3.5:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ge:intelligent_platforms_proficy_historian:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"3320","Ordinal":"50565","Title":"CVE-2011-3320","CVE":"CVE-2011-3320","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"3320","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the Web Administrator component in GE Intelligent Platforms Proficy Historian 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.","Type":"Description","Title":null},{"CveYear":"2011","CveId":"3320","Ordinal":"2","NoteData":"2011-11-02","Type":"Other","Title":"Published"}]}}}