Unrated severityNVD Advisory· Published Feb 10, 2012· Updated Jun 16, 2026
CVE-2011-4038
CVE-2011-4038
Description
Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Affected products
7cpe:2.3:a:dreamreport:dream_report:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:dreamreport:dream_report:*:*:*:*:*:*:*:*range: <=3.43
- cpe:2.3:a:dreamreport:dream_report:3.21:*:*:*:*:*:*:*
- cpe:2.3:a:dreamreport:dream_report:3.41:*:*:*:*:*:*:*
- cpe:2.3:a:dreamreport:dream_report:3.42:*:*:*:*:*:*:*
cpe:2.3:a:invensys:wonderware_hmi_reports:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:invensys:wonderware_hmi_reports:*:*:*:*:*:*:*:*range: <=3.42.835.0304
- (no CPE)range: <=3.42.835.0304
- Range: <4.0
Patches
Vulnerability mechanics
References
4- secunia.com/advisories/47742nvdVendor Advisory
- secunia.com/advisories/47933nvdVendor Advisory
- www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdfnvdUS Government Resource
- www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdfnvdUS Government Resource
News mentions
0No linked articles in our index yet.