PmWiki 'from' Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is running PmWiki and is prone to Cross Site Scripting vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application.

Solution

Update to PmWiki version 2.2.21 or later For updates refer to http://www.pmwiki.org/pub/pmwiki/

Insight

Input passed to the 'from' parameter to 'pmwiki.php' is not properly sanitised before being returned to the user.

Affected

PmWiki version 2.2.20 and prior

References

http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt
http://secunia.com/advisories/42608/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4748

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
AMSI 'file' Parameter Directory Traversal Vulnerability
Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability
Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability

Take action and discover your vulnerabilities