Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3010

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-3010
Last Modified 18 May 2012 12:00:00
Published 30 Sep 2011 06:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3010

Summary

Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.

Vulnerable Systems

Application

  • Twiki 4.0

  • Twiki 4.0.0

  • Twiki 4.0.1

  • Twiki 4.0.2

  • Twiki 4.0.3

  • Twiki 4.0.4

  • Twiki 4.0.5

  • Twiki 4.1.0

  • Twiki 4.1.1

  • Twiki 4.1.2

  • Twiki 4.2.0

  • Twiki 4.2.1

  • Twiki 4.2.2

  • Twiki 4.2.3

  • Twiki 4.2.4

  • Twiki 4.3.0

  • Twiki 4.3.2

  • Twiki 4.5.0

  • Twiki 5.0.0

  • Twiki 5.0.1


References

BID - 49746

OSVDB - 75674

OSVDB - 75673

MISC - http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5

CONFIRM - http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010

SECTRACK - 1026091

SECUNIA - 46123

CONFIRM - http://develop.twiki.org/trac/changeset/21920

BUGTRAQ - 20110922 XSS Vulnerabilities in TWiki < 5.1.0


Last Updated: 27 May 2016 10:56:29