Lucene search
RootSSV:20951HistorySep 25, 2011 - 12:00 a.m.
TWiki versions prior to 5.1.0 suffer from cross site scripting vulnerabilities
2011-09-2500:00:00
Root
www.seebug.org
15
0.011 Low
EPSS
Percentile
82.7%
No description provided by source.
Name : XSS vulnerability in TWikiSoftware
Versions: TWiki 5.0.2 and below.
Vendor Homepage: http://twiki.org/
Vulnerability Type : Cross-Site Scripting
Severity : High
Researcher : Mesut Timur <mesut [at] mavitunasecurity [dot] com>
Advisory Reference : ็ฆS-11-006
CVE : ็VE-2011-3010
Description-----------------------------------
TWiki๏ฟฝ is a flexible, powerful, and easy to use enterprise wiki,enterprise collaboration platform, and web application platform. It isa Structured Wiki, typically used to run a project development space,a document management system, a knowledge base, or any other groupwaretool, on an intranet, extranet or the Internet.
Details-----------------------------------
TTWiki is affected by XSS vulnerabilities in version 5.0.2.Example PoC url is as follows :
http://example.com/do/view/Main/Jump?create=on&newtopic=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert%280x0051D1%29%3C/script%3E&template=WebCreateNewTopic&topicparent=3http://example.com/do/view/TWiki/ATasteOfTWiki?'"--></style></script><script>alert(0x002B48)</script>
You can read the full article about Cross-Site Scripting vulnerabilities from here: http://www.mavitunasecurity.com/crosssite-scripting-xss/
Solution-----------------------------------
Upgrade to the latest TWiki version (5.1.0).
Credits-----------------------------------
It has been discovered on testing of Netsparker, Web ApplicationSecurity Scanner -
http://www.mavitunasecurity.com/netsparker/.
References-----------------------------------
Vendor Url :
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010MSL
Advisory Link :
http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5/Netsparker
Advisories : http://www.mavitunasecurity.com/netsparker-advisories/
About Netsparker-----------------------------------
Netsparker๏ฟฝ can find and report security issues such as SQL Injectionand Cross-site Scripting (XSS) in all web applications regardless ofthe platform and the technology they are built on. Netsparker's uniquedetection and exploitation technique
--
Netsparker Advisories, <[email protected]>
Homepage, http://www.mavitunasecurity.com/netsparker-advisories/
Related
packetstorm
packetstorm
TWiki Cross Site Scripting
2011-09-23 00:00:00
securityvulns
securityvulns
XSS Vulnerabilities in TWiki < 5.1.0
2011-09-26 00:00:00
cve
cve
CVE-2011-3010
2011-09-30 10:55:00
prion
prion
Cross site scripting
2011-09-30 10:55:00
openvas
openvas
TWiki 'newtopic' Parameter And SlideShowPlugin XSS Vulnerabilities
2011-10-12 00:00:00
ubuntucve
ubuntucve
CVE-2011-3010
2011-09-30 00:00:00