Description

Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Remediation

References

CVE-2006-2840

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0799)

WordPress Plugin Church Admin Arbitrary File Upload (4.4.6)

IBM WebSEAL Missing Authorization Vulnerability (CVE-2019-4158)

Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-5083)

WordPress Plugin 2 Click Social Media Buttons 'xing-url' Parameter Cross-Site Scripting (0.32.2)

Severity

Medium

Classification

CVE-2006-2840

Tags

Missing Update Known Vulnerabilities