{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T05:58:19.350","vulnerabilities":[{"cve":{"id":"CVE-2011-4038","sourceIdentifier":"cret@cert.org","published":"2012-02-10T19:55:01.750","lastModified":"2026-04-29T01:13:23.040","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."},{"lang":"es","value":"Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Invensys Wonderware HMI Reports 3.42.835.0304 y anteriores, como el usado en Ocean Data Systems Dream Report anteriores a v4.0 y otros programas, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de parámetros no especificados.\r\n"}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dreamreport:dream_report:*:*:*:*:*:*:*:*","versionEndIncluding":"3.43","matchCriteriaId":"F2DD8213-B11B-48BF-A2A1-9F485F02D310"},{"vulnerable":true,"criteria":"cpe:2.3:a:dreamreport:dream_report:3.21:*:*:*:*:*:*:*","matchCriteriaId":"3E8A91FF-176F-4823-90F3-AA998F54558B"},{"vulnerable":true,"criteria":"cpe:2.3:a:dreamreport:dream_report:3.41:*:*:*:*:*:*:*","matchCriteriaId":"6CB7D92A-80CA-45C3-8A94-0FE560791D05"},{"vulnerable":true,"criteria":"cpe:2.3:a:dreamreport:dream_report:3.42:*:*:*:*:*:*:*","matchCriteriaId":"2E435F35-43CA-46DE-8637-17F84D43E4AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:invensys:wonderware_hmi_reports:*:*:*:*:*:*:*:*","versionEndIncluding":"3.42.835.0304","matchCriteriaId":"97C412F4-B6C6-4000-8828-16A2B0AF9262"}]}]}],"references":[{"url":"http://secunia.com/advisories/47742","source":"cret@cert.org","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/47933","source":"cret@cert.org","tags":["Vendor Advisory"]},{"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf","source":"cret@cert.org","tags":["US Government Resource"]},{"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf","source":"cret@cert.org","tags":["US Government Resource"]},{"url":"http://secunia.com/advisories/47742","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/47933","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]},{"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]}]}}]}