Vulnerability Details : CVE-2011-1841
Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2011-1841
- cpe:2.3:a:mojolicious:mojolicious:*:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991240:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991243:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991242:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991245:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8006:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8007:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8008:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8009:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991232:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991235:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991234:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991237:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991241:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991244:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991238:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991233:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991236:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.9001:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991239:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991231:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.9002:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991246:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991251:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999905:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999902:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999920:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999921:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999909:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999906:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999912:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999913:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999924:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999925:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999907:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999904:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999910:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999911:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999914:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991250:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999908:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999903:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999901:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999922:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999923:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999926:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999933:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999932:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999935:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999934:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999928:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999927:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999940:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999941:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999939:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999938:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999931:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999930:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999937:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999936:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999929:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999950:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1841
0.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 62 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1841
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2011-1841
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1841
-
http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html
[SECURITY] Fedora 14 Update: perl-Mojolicious-0.999929-3.fc14
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/67257
Mojolicious link_to helper cross-site scripting CVE-2011-1841 Vulnerability Report
-
http://www.securityfocus.com/bid/47713
Mojolicious 'link_to helper' HTML Injection Vulnerability
-
http://www.debian.org/security/2011/dsa-2239
Debian -- Security Information -- DSA-2239-1 libmojolicious-perl
Jump to