CVE-2011-1976

Microsoft Visual Studio 2005 SP1-Report Viewer 2005 SP1 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1976. PoCs published by Adam Bixby.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Microsoft Visual Studio's ReportViewerWebControl.axd by injecting arbitrary JavaScript code via the TimerMethod parameter, which is not properly sanitized.

Description

Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Adam Bixby · textremotewindows

https://www.exploit-db.com/exploits/36020

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Microsoft Visual Studio's ReportViewerWebControl.axd by injecting arbitrary JavaScript code via the TimerMethod parameter, which is not properly sanitized.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Visual Studio (specific version not specified)

No auth needed

Prerequisites: A vulnerable instance of Microsoft Visual Studio with accessible ReportViewerWebControl.axd endpoint

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067

Third Party Advisory vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=145326307707460&w=2

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/49033

Third Party Advisory x_refsource_confirm

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA11-221A.html

Scores

EPSS 0.2081

EPSS Percentile 97.2%

Details

CWE

CWE-79

Status published

Products (2)

microsoft/report_viewer 2005 sp1 (2 CPE variants)

microsoft/visual_studio 2005 sp1

Published Aug 10, 2011

Tracked Since Feb 18, 2026