Summary
The host is running XWiki Enterprise and is prone to unspecified SQL injection and cross-site scripting vulnerabilities.
Impact
Successful exploitation allows an attacker to execute arbitrary script code or carry out SQL injection attacks and gain access to sensitive information.
Impact Level: Application
Solution
Upgrade to XWiki Enterprise 2.5 or later.
For updates, refer to http://enterprise.xwiki.org/xwiki/bin/view/Main/
Insight
The flaws are caused by input validation errors when processing user-supplied data and parameters, which could allow remote attackers to execute arbitrary script code or manipulate SQL queries by injecting arbitrary SQL code.
Affected
XWiki Enterprise before 2.5
Severity
Classification
CVE: CVE-2010-4641, CVE-2010-4642
CVSS Base Score: 7.5
CVSS Base Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P