Test ID:	1.3.6.1.4.1.25623.1.0.800320
Category:	Web application abuses
Title:	TWiki XSS and Command Execution Vulnerabilities
Summary:	TWiki is prone to Cross-Site Scripting (XSS) and Command Execution Vulnerabilities.
Description:	Summary: TWiki is prone to Cross-Site Scripting (XSS) and Command Execution Vulnerabilities. Vulnerability Insight: The flaws are due to: - %URLPARAM{}% variable is not properly sanitized which lets attackers conduct cross-site scripting attack. - %SEARCH{}% variable is not properly sanitised before being used in an eval() call which lets the attackers execute perl code through eval injection attack. Vulnerability Impact: Successful exploitation could allow execution of arbitrary script code or commands. This could let attackers steal cookie-based authentication credentials or compromise the affected application. Affected Software/OS: TWiki, TWiki version prior to 4.2.4. Solution: Upgrade to version 4.2.4 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5304 BugTraq ID: 32669 http://www.securityfocus.com/bid/32669 http://securitytracker.com/id?1021351 http://secunia.com/advisories/33040 http://www.vupen.com/english/advisories/2008/3381 XForce ISS Database: twiki-urlparam-xss(47122) https://exchange.xforce.ibmcloud.com/vulnerabilities/47122 Common Vulnerability Exposure (CVE) ID: CVE-2008-5305 BugTraq ID: 32668 http://www.securityfocus.com/bid/32668 http://securitytracker.com/id?1021352
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.