CVE-2011-1660
N/A
N/A
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web script or HTML via (1) the reportName or (2) uniqueId parameter to CoreViewerInit.js, or the (3) uniqueId or (4) traceLevel parameter to CoreController.js, as reachable by CoreHandler.ashx.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/archive/1/517244/100/0/threaded
- http://secunia.com/advisories/43953
- http://www.osvdb.org/71488
- http://www.gcpowertools.com/DownloadLatestVersion
- http://securityreason.com/securityalert/8190
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66545
- http://www.securityfocus.com/bid/47015
References
- http://www.securityfocus.com/archive/1/517244/100/0/threaded
- http://secunia.com/advisories/43953
- http://www.osvdb.org/71488
- http://www.gcpowertools.com/DownloadLatestVersion
- http://securityreason.com/securityalert/8190
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66545
- http://www.securityfocus.com/bid/47015
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.