Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27055
HistorySep 26, 2011 - 12:00 a.m.

XSS Vulnerabilities in TWiki < 5.1.0

2011-09-2600:00:00
vulners.com
36
JSON

Information------------------Name : XSS vulnerability in TWikiSoftware
: TWiki 5.0.2 and below.Vendor Hompeage :
http://twiki.org/Vulnerability Type : Cross-Site ScriptingSeverity :
HighResearcher : Mesut Timur <mesut [at] mavitunasecurity [dot]
com>Advisory Reference : ย NS-11-006CVE : ย CVE-2011-3010

Description-----------------------------------TWikiยฎ is a flexible,
powerful, and easy to use enterprise wiki,enterprise collaboration
platform, and web application platform. It isa Structured Wiki,
typically used to run a project development space,a document
management system, a knowledge base, or any other groupwaretool, on an
intranet, extranet or the Internet.

Details-----------------------------------TTWiki is affected by XSS
vulnerabilities in version 5.0.2.Example PoC url is as follows :
http://example.com/do/view/Main/Jump?create=on&amp;newtopic=&#37;27&#37;22--&#37;3E&#37;3C/style&#37;3E&#37;3C/script&#37;3E&#37;3Cscript&#37;3Ealert&#37;280x0051D1&#37;29&#37;3C/script&#37;3E&amp;template=WebCreateNewTopic&amp;topicparent=3http://example.com/do/view/TWiki/ATasteOfTWiki?&#39;&quot;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;script&gt;alert&#40;0x002B48&#41;&lt;/script&gt;
You can read the full article about Cross-Site
Scriptingvulnerabilities from here
:http://www.mavitunasecurity.com/crosssite-scripting-xss/

Solution-----------------------------------Upgrade to the latest TWiki
version (5.1.0).

Credits-----------------------------------It has been discovered on
testing of Netsparker, Web ApplicationSecurity Scanner -
http://www.mavitunasecurity.com/netsparker/.

References-----------------------------------Vendor Url :
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010MSL
Advisory Link :
http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5/Netsparker
Advisories : http://www.mavitunasecurity.com/netsparker-advisories/
About Netsparker-----------------------------------Netsparkerยฎ can
find and report security issues such as SQL Injectionand Cross-site
Scripting (XSS) in all web applications regardless ofthe platform and
the technology they are built on. Netsparker's uniquedetection and
exploitation technique

Netsparker Advisories, <[email protected]>
Homepage, http://www.mavitunasecurity.com/netsparker-advisories/

Related

packetstorm 1
prion 1
openvas 1
ubuntucve 1
cve 1
seebug 1
securityvulns 1
packetstorm
packetstorm
TWiki Cross Site Scripting
2011-09-23 00:00:00
prion
prion
Cross site scripting
2011-09-30 10:55:00
openvas
openvas
TWiki 'newtopic' Parameter And SlideShowPlugin XSS Vulnerabilities
2011-10-12 00:00:00
ubuntucve
ubuntucve
CVE-2011-3010
2011-09-30 00:00:00
cve
cve
CVE-2011-3010
2011-09-30 10:55:00
seebug
seebug
TWiki versions prior to 5.1.0 suffer from cross site scripting vulnerabilities
2011-09-25 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2011-09-26 00:00:00
JSON
Related for SECURITYVULNS:DOC:27055
packetstorm1prion1openvas1ubuntucve1cve1seebug1securityvulns1