Summary
The host is running TWiki and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation could allow attackers to inject arbitrary web script or HTML. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Impact Level: Application
Solution
Upgrade to TWiki 5.1.0 or later.
For updates refer to http://twiki.org/cgi-bin/view/Codev/DownloadTWiki
Insight
Multiple flaws are due to input validation errors in:
- the 'newtopic' parameter in bin/view/Main/Jump (when 'template' is set to 'WebCreateNewTopic')
- 'lib/TWiki/Plugins/SlideShowPlugin/SlideShow.pm' in the 'SlideShowPlugin' pages containing a slideshow presentation.
Affected
TWiki versions prior to 5.1.0
References
Severity
Classification
- CVE: CVE-2011-3010
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- @Mail 'MailType' Parameter Cross Site Scripting Vulnerability
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- An Image Gallery Directory Traversal Vulnerability
- Adobe ColdFusion Multiple Path Disclosure Vulnerabilities