Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web script or HTML via (1) the reportName or (2) uniqueId parameter to CoreViewerInit.js, or the (3) uniqueId or (4) traceLevel parameter to CoreController.js, as reachable by CoreHandler.ashx.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web script or HTML via (1) the reportName or (2) uniqueId parameter to CoreViewerInit.js, or the (3) uniqueId or (4) traceLevel parameter to CoreController.js, as reachable by CoreHandler.ashx.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.securityfocus.com/archive/1/517244/100/0/threaded | mailing-list x_refsource_BUGTRAQ |
| http://secunia.com/advisories/43953 | third-party-advisory x_refsource_SECUNIA |
| http://www.osvdb.org/71488 | vdb-entry x_refsource_OSVDB |
| http://www.gcpowertools.com/DownloadLatestVersion | x_refsource_CONFIRM |
| http://securityreason.com/securityalert/8190 | third-party-advisory x_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66545 | vdb-entry x_refsource_XF |
| http://www.securityfocus.com/bid/47015 | vdb-entry x_refsource_BID |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.securityfocus.com/archive/1/517244/100/0/threaded | mailing-list x_refsource_BUGTRAQ x_transferred |
| http://secunia.com/advisories/43953 | third-party-advisory x_refsource_SECUNIA x_transferred |
| http://www.osvdb.org/71488 | vdb-entry x_refsource_OSVDB x_transferred |
| http://www.gcpowertools.com/DownloadLatestVersion | x_refsource_CONFIRM x_transferred |
| http://securityreason.com/securityalert/8190 | third-party-advisory x_refsource_SREASON x_transferred |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66545 | vdb-entry x_refsource_XF x_transferred |
| http://www.securityfocus.com/bid/47015 | vdb-entry x_refsource_BID x_transferred |
Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web script or HTML via (1) the reportName or (2) uniqueId parameter to CoreViewerInit.js, or the (3) uniqueId or (4) traceLevel parameter to CoreController.js, as reachable by CoreHandler.ashx.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |