Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2014-9325
Last Modified 02 Jan 2015 08:29:25
Published 31 Dec 2014 04:59:03
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-9325

Summary

Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences.

Vulnerable Systems

Application

  • TWiki 6.0.1


References

SECTRACK - 1031399

CONFIRM - http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325

FULLDISC - 20141219 TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables

MISC - http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html


Last Updated: 27 May 2016 11:07:24