CVE-2011-2672
Description
Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.98 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
SemanticScuttle, a social bookmarking tool, contains a cross-site scripting (XSS) vulnerability in versions prior to 0.98 [3][4]. The vulnerability exists due to insufficient sanitization of user-supplied input, allowing injection of arbitrary web script or HTML via unspecified vectors [3][4]. The exact input fields or parameters that trigger the flaw have not been publicly detailed.
Exploitation
According to the CVSS v2 score provided by JVNDB, exploitation requires the attacker to be authenticated to the application (Authentication: Single Instance) and the attack complexity is medium (Access Complexity: Medium) [4]. An authenticated attacker can inject malicious script into the application, which is then stored or reflected and executed in the browsers of other users when they view the affected content [3][4]. The specific steps to trigger the vulnerability are not disclosed in the available references.
Impact
Successful exploitation allows an attacker to execute arbitrary script in the context of a victim's browser [3][4]. This can lead to information disclosure, session hijacking, or other actions that the victim's browser can perform on the affected SemanticScuttle instance [3][4]. The integrity of the application's data may be partially compromised, but confidentiality and availability are not directly affected [4].
Mitigation
The vulnerability is fixed in SemanticScuttle version 0.98.0 [1][3]. Users should upgrade to this version or later to mitigate the risk [3][4]. No workarounds have been published in the available references. The vendor has not indicated that any older versions are end-of-life.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:christian_weiske:semanticscuttle:*:*:*:*:*:*:*:* (range: <=0.97)
- cpe:2.3:a:christian_weiske:semanticscuttle:0.85:*:*:*:*:*:*:*
- cpe:2.3:a:christian_weiske:semanticscuttle:0.86:*:*:*:*:*:*:*
- cpe:2.3:a:christian_weiske:semanticscuttle:0.87:*:*:*:*:*:*:*
- cpe:2.3:a:christian_weiske:semanticscuttle:0.88:*:*:*:*:*:*:*
- cpe:2.3:a:christian_weiske:semanticscuttle:0.89:*:*:*:*:*:*:*
- cpe:2.3:a:christian_weiske:semanticscuttle:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:christian_weiske:semanticscuttle:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:christian_weiske:semanticscuttle:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:christian_weiske:semanticscuttle:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:christian_weiske:semanticscuttle:0.94:*:*:*:*:*:*:*
- cpe:2.3:a:christian_weiske:semanticscuttle:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:christian_weiske:semanticscuttle:0.96:*:*:*:*:*:*:*
- Range: <0.98
Patches
No patches discovered yet.
References
- sourceforge.net/projects/semanticscuttle/files/SemanticScuttle/v0.98/SemanticScuttle-0.98.0.zip/download (nvd, Patch)
- secunia.com/advisories/46031 (nvd, Vendor Advisory)
- jvn.jp/en/jp/JVN28973089/index.html (nvd)
- jvndb.jvn.jp/jvndb/JVNDB-2011-000074 (nvd)
- osvdb.org/75585 (nvd)
- www.securityfocus.com/bid/49661 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/69900 (nvd)