Twiki : Security Vulnerabilities, CVEs, Published In 2010
Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script.
Max CVSS
4.3
EPSS Score
0.22%
Published
2010-10-18
Updated
2017-08-17
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339.
Max CVSS
6.8
EPSS Score
0.11%
Published
2010-09-07
Updated
2010-11-12
2 vulnerabilities found