Web application abuses : TWiki Multiple Cross Site Scripting Vulnerabilities

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.100857

Category: Web application abuses

Title: TWiki Multiple Cross Site Scripting Vulnerabilities

Summary: TWiki is prone to multiple cross-site scripting vulnerabilities; because it fails to sufficiently sanitize user-supplied data.

Description: Summary:
TWiki is prone to multiple cross-site scripting vulnerabilities
because it fails to sufficiently sanitize user-supplied data.

Vulnerability Impact:
An attacker may leverage these issues to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected site. This may allow the
attacker to steal cookie-based authentication credentials and to launch other attacks.

Affected Software/OS:
Versions prior to TWiki 5.0.1 are vulnerable.

Solution:
Vendor updates are available. Please see the references for more
information.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3841
BugTraq ID: 44103
http://www.securityfocus.com/bid/44103
http://secunia.com/advisories/41796
XForce ISS Database: twiki-multiple-xss(62557)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62557

Copyright Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.100857
Category:	Web application abuses
Title:	TWiki Multiple Cross Site Scripting Vulnerabilities
Summary:	TWiki is prone to multiple cross-site scripting vulnerabilities; because it fails to sufficiently sanitize user-supplied data.
Description:	Summary: TWiki is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Vulnerability Impact: An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Affected Software/OS: Versions prior to TWiki 5.0.1 are vulnerable. Solution: Vendor updates are available. Please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3841 BugTraq ID: 44103 http://www.securityfocus.com/bid/44103 http://secunia.com/advisories/41796 XForce ISS Database: twiki-multiple-xss(62557) https://exchange.xforce.ibmcloud.com/vulnerabilities/62557
Copyright	Copyright (C) 2010 Greenbone AG