CVE-2011-5178

Name of the Vulnerable Software and Affected Versions Infoblox NetMRI versions 6.0.2.42, 6.1.2, 6.2.1 and earlier

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the eulaAccepted or mode parameter.

Recommendations For Infoblox NetMRI versions 6.0.2.42, 6.1.2, 6.2.1 and earlier, consider restricting access to the login.tdf file in the netmri/config/userAdmin directory until a patch is available. As a temporary workaround, avoid using the eulaAccepted and mode parameters in the affected API endpoint until the issue is resolved.