ByteOS Network

NVD Vulnerability Details :

CVE-2011-2711

Deferred

Source-secalert@redhat.com

Published At-03 Aug, 2011 | 00:55

Updated At-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N

CPE Matches

lars_hjemli>>cgit>>Versions up to 0.9.0.2(inclusive)

cpe:2.3:a:lars_hjemli:cgit:*:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.1

cpe:2.3:a:lars_hjemli:cgit:0.1:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.2

cpe:2.3:a:lars_hjemli:cgit:0.2:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.3

cpe:2.3:a:lars_hjemli:cgit:0.3:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.4

cpe:2.3:a:lars_hjemli:cgit:0.4:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.5

cpe:2.3:a:lars_hjemli:cgit:0.5:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.6

cpe:2.3:a:lars_hjemli:cgit:0.6:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.6.1

cpe:2.3:a:lars_hjemli:cgit:0.6.1:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.6.2

cpe:2.3:a:lars_hjemli:cgit:0.6.2:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.6.3

cpe:2.3:a:lars_hjemli:cgit:0.6.3:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.7

cpe:2.3:a:lars_hjemli:cgit:0.7:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.7.1

cpe:2.3:a:lars_hjemli:cgit:0.7.1:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.7.2

cpe:2.3:a:lars_hjemli:cgit:0.7.2:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.8

cpe:2.3:a:lars_hjemli:cgit:0.8:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.8.1

cpe:2.3:a:lars_hjemli:cgit:0.8.1:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.8.1.1

cpe:2.3:a:lars_hjemli:cgit:0.8.1.1:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.8.2

cpe:2.3:a:lars_hjemli:cgit:0.8.2:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.8.2.1

cpe:2.3:a:lars_hjemli:cgit:0.8.2.1:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.8.2.2

cpe:2.3:a:lars_hjemli:cgit:0.8.2.2:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.8.3

cpe:2.3:a:lars_hjemli:cgit:0.8.3:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.8.3.1

cpe:2.3:a:lars_hjemli:cgit:0.8.3.1:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.8.3.2

cpe:2.3:a:lars_hjemli:cgit:0.8.3.2:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.8.3.3

cpe:2.3:a:lars_hjemli:cgit:0.8.3.3:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.8.3.4

cpe:2.3:a:lars_hjemli:cgit:0.8.3.4:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.8.3.5

cpe:2.3:a:lars_hjemli:cgit:0.8.3.5:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.9

cpe:2.3:a:lars_hjemli:cgit:0.9:*:*:*:*:*:*:*

lars_hjemli>>cgit>>0.9.0.1

cpe:2.3:a:lars_hjemli:cgit:0.9.0.1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://hjemli.net/git/cgit/commit/?h=stable&id=bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5	secalert@redhat.com	Patch
http://hjemli.net/pipermail/cgit/2011-July/000276.html	secalert@redhat.com	Patch
http://secunia.com/advisories/45358	secalert@redhat.com	Vendor Advisory
http://secunia.com/advisories/45541	secalert@redhat.com	N/A
http://www.openwall.com/lists/oss-security/2011/07/22/2	secalert@redhat.com	Patch
http://www.openwall.com/lists/oss-security/2011/07/22/6	secalert@redhat.com	N/A
http://www.openwall.com/lists/oss-security/2011/07/22/7	secalert@redhat.com	Patch
http://www.openwall.com/lists/oss-security/2011/07/24/3	secalert@redhat.com	Patch
http://www.openwall.com/lists/oss-security/2011/07/24/4	secalert@redhat.com	Patch
http://www.osvdb.org/74050	secalert@redhat.com	Patch
http://www.securityfocus.com/bid/48866	secalert@redhat.com	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=725042	secalert@redhat.com	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/68754	secalert@redhat.com	N/A
https://hermes.opensuse.org/messages/10998459	secalert@redhat.com	N/A
http://hjemli.net/git/cgit/commit/?h=stable&id=bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5	af854a3a-2127-422b-91ae-364da2661108	Patch
http://hjemli.net/pipermail/cgit/2011-July/000276.html	af854a3a-2127-422b-91ae-364da2661108	Patch
http://secunia.com/advisories/45358	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/45541	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.openwall.com/lists/oss-security/2011/07/22/2	af854a3a-2127-422b-91ae-364da2661108	Patch
http://www.openwall.com/lists/oss-security/2011/07/22/6	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.openwall.com/lists/oss-security/2011/07/22/7	af854a3a-2127-422b-91ae-364da2661108	Patch
http://www.openwall.com/lists/oss-security/2011/07/24/3	af854a3a-2127-422b-91ae-364da2661108	Patch
http://www.openwall.com/lists/oss-security/2011/07/24/4	af854a3a-2127-422b-91ae-364da2661108	Patch
http://www.osvdb.org/74050	af854a3a-2127-422b-91ae-364da2661108	Patch
http://www.securityfocus.com/bid/48866	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=725042	af854a3a-2127-422b-91ae-364da2661108	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/68754	af854a3a-2127-422b-91ae-364da2661108	N/A
https://hermes.opensuse.org/messages/10998459	af854a3a-2127-422b-91ae-364da2661108	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History