| Test ID: | 1.3.6.1.4.1.25623.1.0.801564 |
| Category: | Web application abuses |
| Title: | XWiki Watch Multiple Cross Site Scripting Vulnerabilities |
| Summary: | Check for cross site scripting vulnerability in XWiki Watch |
| Description: | Overview: This host is running XWiki Watch and is prone to multiple cross site scripting vulnerabilities.
Vulnerability Insight: Multiple flaws are due to:
- Input passed via the 'rev' parameter to 'xwiki/bin/viewrev/Main/WebHome' or 'xwiki/bin/view/Blog' is not properly sanitised before being returned to the user.
- Input passed via the 'register_first_name' and 'register_last_name' parameters to 'xwiki/bin/register/XWiki/Register' is not properly sanitised before being displayed to the user.
Impact: Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is viewed.
Impact Level: Application.
Affected Software: XWiki Watch version 1.0
Fix: No solution or patch is available as of 5th January, 2011. Information regarding this issue will be updated once the solution details are available. For updates refer to http://watch.xwiki.org/xwiki/bin/view/Main/
References:
http://www.osvdb.org/68975
http://secunia.com/advisories/42090
http://xforce.iss.net/xforce/xfdb/62941
http://xforce.iss.net/xforce/xfdb/62940 |
| Cross Reference: |
BugTraq ID: 44606
Common Vulnerability Exposure (CVE) ID: CVE-2010-4640
http://www.securityfocus.com/bid/44606
http://www.osvdb.org/68973
http://www.osvdb.org/68974
http://www.osvdb.org/68975
http://secunia.com/advisories/42090
XForce ISS Database: xwiki-watch-registerfirstname-xss(62941)
http://xforce.iss.net/xforce/xfdb/62941
XForce ISS Database: xwiki-watch-rev-xss(62940)
http://xforce.iss.net/xforce/xfdb/62940 |
| Copyright | Copyright (c) 2011 Greenbone Networks GmbH |