CVSS: 4.3 | EPSS: 0% | CPEs: 13 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References:
• http://secunia.com/advisories/43049
• http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html
• http://www.securityfocus.com/bid/46547
• http://www.securitytracker.com/id?1025124
• http://www.vupen.com/english/advisories/2011/0509
• https://exchange.xforce.ibmcloud.com/vulnerabilities/65665

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 10 | EXPL: 0

The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html.

References:
• http://secunia.com/advisories/43049
• http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html
• http://www.securitytracker.com/id?1025124
• http://www.vupen.com/english/advisories/2011/0509
• https://exchange.xforce.ibmcloud.com/vulnerabilities/65664

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor