Summary
The host is running TWiki and is prone to multiple cross site scripting vulnerabilities.
Impact
Successful exploitation could allow attackers to inject arbitrary web script or HTML. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Impact Level: Application
Solution
upgrade to TWiki 5.1.0 or later,
For updates refer to http://twiki.org/cgi-bin/view/Codev/DownloadTWiki
Insight
Multiple flaws are due to input validation error in, - 'newtopic' parameter in bin/view/Main/Jump (when 'template' is set to 'WebCreateNewTopic')
- 'lib/TWiki/Plugins/SlideShowPlugin/SlideShow.pm' in the 'SlideShowPlugin' pages containing a slideshow presentation.
Affected
TWiki version prior to 5.1.0
References
Severity
Classification
-
CVE CVE-2011-3010 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities