NVD

Id
11514  
Name
CVE-2011-5258  
Description
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-07  
Published
2013-02-12  
Modified Date
2013-02-13  
Seq
2011-5258  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
63117 11514 CVE-2011-5258 http://blog.orangehrm.com/2011/12/09/security-vulnerabilities-fixed-with-orangehrm-26112/  View
63118 11514 CVE-2011-5258 20111130 Multiple vulnerabilities in OrangeHRM  View
63119 11514 CVE-2011-5258 50857  View
63120 11514 CVE-2011-5258 orangehrm-multiple-xss(71568)  View
63121 11514 CVE-2011-5258 https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_orangehrm.html  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
19983 JVNDB-2013-001558 OrangeHRM におけるクロスサイトスクリプティングの脆弱性 OrangeHRM には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2011-5258 53165 CVE-2011-5258 11514 4.3 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001558.html 2013-02-12 2013-02-15 View