Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5304

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-5304
Last Modified 03 Mar 2009 02:00:26
Published 09 Dec 2008 07:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5304

Summary

Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.

Vulnerable Systems

Application

  • Twiki 2000-12-01

  • Twiki 2001-09-01

  • Twiki 2001-12-01

  • Twiki 2003-02-01

  • Twiki 2004-09-01

  • Twiki 2004-09-02

  • Twiki 2004-09-03

  • Twiki 2004-09-04

  • Twiki 4.0.0

  • Twiki 4.0.1

  • Twiki 4.0.2

  • Twiki 4.0.3

  • Twiki 4.0.4

  • Twiki 4.0.5

  • Twiki 4.1.0

  • Twiki 4.1.1

  • Twiki 4.1.2

  • Twiki 4.2.0

  • Twiki 4.2.1

  • Twiki 4.2.2

  • Twiki 4.2.3


References

CONFIRM - http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304

XF - twiki-urlparam-xss(47122)

VUPEN - ADV-2008-3381

BID - 32669

SECTRACK - 1021351

SECUNIA - 33040


Last Updated: 27 May 2016 10:48:46