| Title | Published | Views | Reporter |
|---|---|---|---|
| foswiki -- Script Insertion Vulnerability via unchecked user registration fields | 13 Apr 2012 00:00 | – | freebsd |
| CVE-2012-1004 | 8 Feb 2012 02:00 | – | cve |
| CVE-2012-1004 | 8 Feb 2012 02:00 | – | cvelist |
| EUVD-2012-1044 | 7 Oct 2025 00:30 | – | euvd |
| FreeBSD : foswiki -- Script Insertion Vulnerability via unchecked user registration fields (495b46fd-a30f-11e1-82c9-d0df9acfd7e5) | 21 May 2012 00:00 | – | nessus |
| CVE-2012-1004 | 8 Feb 2012 04:11 | – | nvd |
| Foswiki 1.x < 1.1.5 Multiple XSS Vulnerabilities | 21 Mar 2017 00:00 | – | openvas |
| FreeBSD Ports: foswiki | 31 May 2012 00:00 | – | openvas |
| FreeBSD Ports: foswiki | 31 May 2012 00:00 | – | openvas |
| Cross site scripting | 8 Feb 2012 04:11 | – | prion |
```
# Exploit Title: Foswiki Cross Site Scripting
# Date: 2.02.2012
# Author: Sony
# Software Link: http://foswiki.org/
# Google Dorks: intext:powered by foswiki
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC: http://st2tea.blogspot.com/2012/02/foswiki-cross-site-scripting.html
..................................................................
What is Foswiki?
Foswiki launched in October 2008 after TWiki.. [more: http://en.wikipedia.org/wiki/TWiki]
About TWiki cross site scripting you can read here:
http://packetstormsecurity.org/files/109246/TWiki-Cross-Site-Scripting.html
Well, in Foswiki:
http://foswiki.org/Main/SonyStyles
http://1.bp.blogspot.com/-XoubozNduj8/TysBtx0o1lI/AAAAAAAAAYs/a9eZhpgfrOU/s1600/%25D0%2591%25D0%25B5%25D0%25B7%25D1%258B%25D0%25BC%25D1%258F%25D0%25BD%25D0%25BD%25D1%258B%25D0%25B9.jpg
In fields "My homepage", "Comment", etc..
And yes, a lot of sites with Foswiki vuln.. to xss.
You can see in Google:
powered by foswiki site:edu
uchicago.edu,stanford.edu,umich.edu,mit.edu..etc..
powered by foswiki site:gov
powered by foswiki site:org
etc..
```