CVE-2014-9325

Опубликовано: 31 дек. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences.

Ссылки

http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html
Exploit
http://seclists.org/fulldisclosure/2014/Dec/81
Exploit
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325
Vendor Advisory
http://www.securitytracker.com/id/1031399
Exploit
http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html
Exploit
http://seclists.org/fulldisclosure/2014/Dec/81
Exploit
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325
Vendor Advisory
http://www.securitytracker.com/id/1031399
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:twiki:twiki:6.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00336

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2014-9325

debian

около 11 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 all ...

GHSA-f29g-f7p5-49vf

github

больше 3 лет назад