Summary
The host is running XWiki Enterprise and is prone to unspecified SQL injection and cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow an attacker to execute arbitrary script code or carry out SQL injection attacks and gain sensitive information.
Impact Level: Application
Solution
Upgrade to XWiki Enterprise 2.5 or later.
For updates, refer to http://enterprise.xwiki.org/xwiki/bin/view/Main/
Insight
The flaws are caused by input validation errors when processing user-supplied data and parameters, which could allow remote attackers to execute arbitrary script code or manipulate SQL queries by injecting arbitrary SQL code.
Affected
XWiki Enterprise before 2.5
Severity
Classification
CVE: CVE-2010-4641, CVE-2010-4642
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
- Adobe ColdFusion Directory Traversal Vulnerability
- A-A-S Application Access Server Multiple Vulnerabilities
- 68designs 68kb Multiple Remote File Include Vulnerabilities