Vulnerability Details : CVE-2011-4887
Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2011-4887
- cpe:2.3:a:imperva:securesphere_web_application_firewall:9.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-4887
- 0.26%: Probability of exploitation activity in the next 30 days
- ~ 65%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-4887
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2011-4887
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4887
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73264
  Imperva SecureSphere Web Application Firewall unspecified cross-site scripting CVE-2011-4887 Vulnerability Report
- http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-002/
  Imperva SecureSphere Persistent Cross-Site Scripting Vulnerability 2012 | Secureworks
- http://www.securityfocus.com/bid/52064
  SecureSphere Web Application Firewall Username HTML Injection Vulnerability
- http://www.imperva.com/Services/adc_advisories_response_secureworks_CVE_2011_4887
  Cyber Security Leader | Imperva, Inc. (Patch; Vendor Advisory)