CVE-2011-4024

OCS Inventory NG < 2.0.1 - Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4024. PoCs published by Nicolas DEROUET.

AI-analyzed exploit summary: This is a writeup describing a persistent XSS vulnerability in OCS Inventory NG 2.0.1 and prior. The vulnerability allows an attacker to inject malicious HTML/JS through the computer description field, which is then rendered in the admin panel.

Description

Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploits (1)

exploitdb WRITEUP
by Nicolas DEROUET · text · webapps · windows
https://www.exploit-db.com/exploits/18005

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: OCS Inventory NG 2.0.1 and prior
No auth needed
Prerequisites: Access to modify the computer description field on a system with OCS Agent installed
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/70406
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8477
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/76135
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/50011
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:053
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46311
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18005

Scores

EPSS 0.0470
EPSS Percentile 90.6%

Details

CWE: CWE-79
Status: published
Products (5)
ocsinventory-ng/ocs_inventory_ng 1.0 (6 CPE variants)
ocsinventory-ng/ocs_inventory_ng 1.01
ocsinventory-ng/ocs_inventory_ng 1.02 (4 CPE variants)
ocsinventory-ng/ocs_inventory_ng 1.02.1
ocsinventory-ng/ocs_inventory_ng < 2.0.1
Published Oct 21, 2011
Tracked Since Feb 18, 2026