CVE-2011-1976
Microsoft Visual Studio Report Viewer 2005 Control - Multiple Cross-Site Scripting Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el control "Report Viewer" de Microsoft Visual Studio 2005 SP1 y Report Viewer 2005 SP1 permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de un parámetro en una fuente de datos. También conocido como "Vulnerabilidad XSS en el control Report Viewer".
A vulnerability in Microsoft Report Viewer was addressed by HPE Performance Center. This is a Cross-Site scripting (XSS) vulnerability that could allow remote information disclosure. Revision 1 of this advisory.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-05-09 CVE Reserved
- 2011-08-09 First Exploit
- 2011-08-10 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/49033 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA11-221A.html | Third Party Advisory | |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270 | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/36020 | 2011-08-09 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=145326307707460&w=2 | 2018-10-12 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Report Viewer Search vendor "Microsoft" for product "Report Viewer" | 2005 Search vendor "Microsoft" for product "Report Viewer" and version "2005" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Report Viewer Search vendor "Microsoft" for product "Report Viewer" | 2005 Search vendor "Microsoft" for product "Report Viewer" and version "2005" | sp1, redistributable_package |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Studio Search vendor "Microsoft" for product "Visual Studio" | 2005 Search vendor "Microsoft" for product "Visual Studio" and version "2005" | sp1 |
Affected
| ||||||