Search criteria
87 vulnerabilities found for twiki by twiki
FKIE_CVE-2014-7236
Vulnerability from fkie_nvd - Published: 2020-02-17 22:15 - Updated: 2024-11-21 02:16
Severity ?
Summary
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2014/Oct/44 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/70372 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1030981 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2014/Oct/44 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/70372 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030981 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7054F1C7-A5E6-4977-8AB8-830075428AC4",
"versionEndIncluding": "4.0.5",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4353BB0-1D40-439E-BE8D-048285044BEC",
"versionEndIncluding": "4.1.2",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF27FD8-EBBC-4E39-BD10-DEC348FA133D",
"versionEndIncluding": "4.2.4",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1ABF1F-B92A-4220-8961-EED540FDD0B0",
"versionEndIncluding": "4.3.2",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A66BFC9-7797-4B9E-BB5B-93A4C314A8C4",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7CD4E8F-D453-4BA1-A63E-ADFFAA2882D5",
"versionEndIncluding": "5.1.4",
"versionStartIncluding": "5.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A873DA64-2E8F-4BF4-B6D3-A2BAEF23341C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n Eval en la biblioteca lib/TWiki/Plugins.pm en TWiki versiones anteriores a 6.0.1, permite a atacantes remotos ejecutar c\u00f3digo de Perl arbitrario por medio del par\u00e1metro debugenableplugins en el archivo do/view/Main/WebHome."
}
],
"id": "CVE-2014-7236",
"lastModified": "2024-11-21T02:16:35.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-17T22:15:11.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/44"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70372"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/44"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030981"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-1751
Vulnerability from fkie_nvd - Published: 2019-11-07 22:15 - Updated: 2024-11-21 01:50
Severity ?
Summary
TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.securitytracker.com/id/1028149 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2013-1751 | Third Party Advisory | |
| cve@mitre.org | https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1028149 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2013-1751 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751 | Mitigation, Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8F4495C-AC9D-47C0-945D-AA0F57E3CE06",
"versionEndExcluding": "5.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted \u0027%MAKETEXT{}%\u0027 parameter value containing Perl backtick characters."
},
{
"lang": "es",
"value": "TWiki versiones anteriores a 5.1.4, permite a atacantes remotos ejecutar comandos de shell arbitrarios mediante el env\u00edo de un valor del par\u00e1metro \"%MAKETEXT{}%\" dise\u00f1ado que contiene caracteres Perl backtick."
}
],
"id": "CVE-2013-1751",
"lastModified": "2024-11-21T01:50:19.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-07T22:15:10.427",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1028149"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1751"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1028149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3056
Vulnerability from fkie_nvd - Published: 2019-11-01 13:15 - Updated: 2024-11-21 00:01
Severity ?
Summary
TWiki allows arbitrary shell command execution via the Include function
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2005-3056 | Third Party Advisory | |
| cve@mitre.org | https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2005-3056 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:twiki:twiki:20040902-3:*:*:*:*:*:*:*",
"matchCriteriaId": "1067AE29-BF5D-42C6-9B70-F7FAC3763F4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TWiki allows arbitrary shell command execution via the Include function"
},
{
"lang": "es",
"value": "Twiki, permite una ejecuci\u00f3n de comandos de shell arbitraria por medio de la funci\u00f3n Include"
}
],
"id": "CVE-2005-3056",
"lastModified": "2024-11-21T00:01:01.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-01T13:15:11.167",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2005-3056"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2005-3056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-20212
Vulnerability from fkie_nvd - Published: 2019-03-21 16:00 - Updated: 2024-11-21 04:01
Severity ?
Summary
bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2019/Jan/7 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://twiki.org/cgi-bin/view/Codev/DownloadTWiki | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Jan/7 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://twiki.org/cgi-bin/view/Codev/DownloadTWiki | Product, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:twiki:twiki:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "592A9955-E098-435C-A287-76F2E11E8011",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter."
},
{
"lang": "es",
"value": "bin/statistics en TWiki 6.0.2 permite Cross-Site Scripting (XSS) mediante el par\u00e1metro webs."
}
],
"id": "CVE-2018-20212",
"lastModified": "2024-11-21T04:01:05.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T16:00:35.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "http://twiki.org/cgi-bin/view/Codev/DownloadTWiki"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "http://twiki.org/cgi-bin/view/Codev/DownloadTWiki"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-9367
Vulnerability from fkie_nvd - Published: 2014-12-31 21:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:twiki:twiki:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0306B3AE-A684-4438-9B4A-D83F11EFA899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1A0D459-5426-424D-A394-3A478BFF8CE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \"\u0027\" (single quote) in the scope parameter to do/view/TWiki/WebSearch."
},
{
"lang": "es",
"value": "Vulnerabilidad de lista negra incompleta en la funci\u00f3n urlEncode en lib/TWiki.pm en TWiki 6.0.0 y 6.0.1 permite a atacantes remotos llevar a cabo un ataque de XSS a trav\u00e9s de \u0027\u0027\u0027 (comillas simples) en el par\u00e1metro scope en do/view/TWiki/WebSearch."
}
],
"id": "CVE-2014-9367",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-31T21:59:04.170",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129655/TWiki-6.0.0-6.0.1-WebSearch-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/82"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securitytracker.com/id/1031400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129655/TWiki-6.0.0-6.0.1-WebSearch-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/82"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securitytracker.com/id/1031400"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-9325
Vulnerability from fkie_nvd - Published: 2014-12-31 21:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:twiki:twiki:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1A0D459-5426-424D-A394-3A478BFF8CE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en TWiki 6.0.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) la variable QUERYSTRING en lib/TWiki.pm o (2) la variable QUERYPARAMSTRING en lib/TWiki/UI/View.pm, tal y como fue demostrado por QUERY_STRING en do/view/Main/TWikiPreferences."
}
],
"id": "CVE-2014-9325",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-31T21:59:03.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/81"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securitytracker.com/id/1031399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/81"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securitytracker.com/id/1031399"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-7237
Vulnerability from fkie_nvd - Published: 2014-10-16 00:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "514BF8A0-B63B-4767-A80C-0C922BF7DD18",
"versionEndIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code."
},
{
"lang": "es",
"value": "lib/TWiki/Sandbox.pm en TWiki 6.0.0 y anteriores, cuando se ejecuta en Windows, permite a atacantes remotos evadir las restricciones de acceso y subir ficheros con nombres restringidos a trav\u00e9s un byte nulo (%00) en el nombre del fichero en bin/upload.cgi, como lo demuestra el uso de .htaccess para ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2014-7237",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-16T00:55:06.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/45"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securitytracker.com/id/1030982"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/45"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securitytracker.com/id/1030982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96952"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6330
Vulnerability from fkie_nvd - Published: 2013-01-04 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| twiki | twiki | * | |
| twiki | twiki | 5.1.0 | |
| twiki | twiki | 5.1.1 | |
| foswiki | foswiki | 1.0.0 | |
| foswiki | foswiki | 1.0.1 | |
| foswiki | foswiki | 1.0.2 | |
| foswiki | foswiki | 1.0.3 | |
| foswiki | foswiki | 1.0.4 | |
| foswiki | foswiki | 1.0.10 | |
| foswiki | foswiki | 1.1.0 | |
| foswiki | foswiki | 1.1.1 | |
| foswiki | foswiki | 1.1.2 | |
| foswiki | foswiki | 1.1.3 | |
| foswiki | foswiki | 1.1.4 | |
| foswiki | foswiki | 1.1.5 | |
| foswiki | foswiki | 1.1.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D4B535-185E-4AE2-AFC1-212D520E859D",
"versionEndIncluding": "5.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07BBEFE6-5F18-4663-B324-1C2A9AE9DBEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7962DD6F-7915-4790-BA93-7019014BD8F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0B6551-9ED0-4D32-A9DC-C1167550ECED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9280019F-EBB1-476A-BF19-B9B2FA5F929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE5ADD0-893A-4E5E-AF4D-550562338FB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46521E63-4714-4464-AA2F-91E3DC892389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "711FE886-F31B-4931-92A5-739001A8EFBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "86B3A5FB-EF9D-443E-9626-00A0C157D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C38025-5D6C-4862-879A-B6BB489AD9E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F126547D-222B-4671-93CF-4F8E0124DA8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6EA3C8-6739-43D8-981D-D4A1799B5C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE81899-0502-4BFB-91B6-D5E321817022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "345AD50C-E933-4311-9925-798302D121AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "52934CA5-415D-4A65-9194-896012A1A2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:foswiki:foswiki:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE21744-59DC-44C0-B33E-94942B1911DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro."
},
{
"lang": "es",
"value": "La funcionalidad de localizaci\u00f3n en TWiki anteriores a v5.1.3, y Foswiki v1.0.x hasta v1.0.10 y v1.1.x hasta v1.1.6, permite a atacantes remotos a provocar una denegaci\u00f3n de servicio (consumo de memoria)a trav\u00e9s de un entero largo en una macro %MAKETEXT%."
}
],
"id": "CVE-2012-6330",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-04T21:55:01.773",
"references": [
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/56950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56950"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-0979
Vulnerability from fkie_nvd - Published: 2012-02-02 17:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:twiki:twiki:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15AF47F3-29A7-43FF-B2D5-73322A361157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7962DD6F-7915-4790-BA93-7019014BD8F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en TWiki permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del campo \u0027organizaci\u00f3n\u0027 en un perfil, con la participaci\u00f3n de un usuario mediante su (1) registro o (2) la edici\u00f3n de su perfil."
}
],
"evaluatorImpact": "Per: http://secunia.com/advisories/47784\r\n\r\n\u0027The vulnerability is confirmed in version 5.1.1. Other versions may also be affected.\u0027",
"id": "CVE-2012-0979",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-02T17:55:01.333",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78664"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/109246/twiki-xss.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47784"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51731"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1026604"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/109246/twiki-xss.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72821"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3010
Vulnerability from fkie_nvd - Published: 2011-09-30 10:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| twiki | twiki | * | |
| twiki | twiki | 4.0 | |
| twiki | twiki | 4.0.0 | |
| twiki | twiki | 4.0.1 | |
| twiki | twiki | 4.0.2 | |
| twiki | twiki | 4.0.3 | |
| twiki | twiki | 4.0.4 | |
| twiki | twiki | 4.0.5 | |
| twiki | twiki | 4.1.0 | |
| twiki | twiki | 4.1.1 | |
| twiki | twiki | 4.1.2 | |
| twiki | twiki | 4.2.0 | |
| twiki | twiki | 4.2.1 | |
| twiki | twiki | 4.2.2 | |
| twiki | twiki | 4.2.3 | |
| twiki | twiki | 4.2.4 | |
| twiki | twiki | 4.3.0 | |
| twiki | twiki | 4.3.2 | |
| twiki | twiki | 4.5.0 | |
| twiki | twiki | 5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DE5ACDB-2AEF-4EF1-BADD-657E550CFB5C",
"versionEndIncluding": "5.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E0A8F3-02EE-4A6D-BAAC-1D52DF063197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F893E121-82FA-41C8-9BA4-606E6DA01408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "620356EA-F106-41DF-AADA-C1EF5A5A0829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "979D8BC8-0032-496F-9503-F3BBBC8FA7CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0804FF93-6554-4F56-9974-017198ED5F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "41445C95-0309-4B90-B725-87D2FE87C9A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9996E5B-36AD-407F-B3B6-839CE8E5913E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "748325A4-A237-498A-A185-905FC921D2A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE3EEC6-7E05-4A37-97AA-D73E7D7A0E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "855671F5-C215-4382-B512-4ABD9D66F13D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C00515-CFEE-427A-BACE-B3140B0D6C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E9CF4F9B-7ADF-47A2-A556-10CCF7401DA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "81DDB420-E707-4319-8395-531FC0D84E5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7A5A57-AE7D-4D3E-A280-41676F355AEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "710F8276-1147-4EAD-9C34-5F2FEE636F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CBEFD95-CB78-4C25-BB41-EB96C780F2F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F86AFE25-8C05-4F08-A7C1-3850EE930A86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:twiki:twiki:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7FBAAC5C-F240-4292-98C3-79D9C23FC021",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en TWiki antes de v5.1.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) el par\u00e1metro newtopic en una acci\u00f3n WebCreateNewTopic, relacionado con TWiki.WebCreateNewTopicTemplate; o (2) la cadena de consulta a SlideShow.pm en el SlideShadowPlugin."
}
],
"id": "CVE-2011-3010",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-09-30T10:55:04.163",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0142.html"
},
{
"source": "cve@mitre.org",
"url": "http://develop.twiki.org/trac/changeset/21920"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/46123"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1026091"
},
{
"source": "cve@mitre.org",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010"
},
{
"source": "cve@mitre.org",
"url": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/75673"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/75674"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/49746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0142.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://develop.twiki.org/trac/changeset/21920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/46123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1026091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/75673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/75674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49746"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-7236 (GCVE-0-2014-7236)
Vulnerability from cvelistv5 – Published: 2020-02-17 21:14 – Updated: 2024-08-06 12:40
VLAI?
Summary
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70372",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70372"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/44"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T21:14:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "70372",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70372"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/44"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1030981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70372"
},
{
"name": "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html"
},
{
"name": "http://seclists.org/fulldisclosure/2014/Oct/44",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/44"
},
{
"name": "http://www.securitytracker.com/id/1030981",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1030981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7236",
"datePublished": "2020-02-17T21:14:54",
"dateReserved": "2014-09-30T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1751 (GCVE-0-2013-1751)
Vulnerability from cvelistv5 – Published: 2019-11-07 21:51 – Updated: 2024-08-06 15:13
VLAI?
Summary
TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1751"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028149"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted \u0027%MAKETEXT{}%\u0027 parameter value containing Perl backtick characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T21:51:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1751"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1028149"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted \u0027%MAKETEXT{}%\u0027 parameter value containing Perl backtick characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1751",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1751"
},
{
"name": "http://www.securitytracker.com/id/1028149",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1028149"
},
{
"name": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751",
"refsource": "CONFIRM",
"url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1751",
"datePublished": "2019-11-07T21:51:14",
"dateReserved": "2013-02-15T00:00:00",
"dateUpdated": "2024-08-06T15:13:32.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3056 (GCVE-0-2005-3056)
Vulnerability from cvelistv5 – Published: 2019-11-01 12:40 – Updated: 2024-08-07 22:53
VLAI?
Summary
TWiki allows arbitrary shell command execution via the Include function
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:30.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2005-3056"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude"
},
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TWiki allows arbitrary shell command execution via the Include function"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T12:40:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2005-3056"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude"
},
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TWiki allows arbitrary shell command execution via the Include function"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2005-3056",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2005-3056"
},
{
"name": "https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude",
"refsource": "CONFIRM",
"url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude"
},
{
"name": "Debian",
"refsource": "DEBIAN",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3056",
"datePublished": "2019-11-01T12:40:12",
"dateReserved": "2005-09-26T00:00:00",
"dateUpdated": "2024-08-07T22:53:30.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20212 (GCVE-0-2018-20212)
Vulnerability from cvelistv5 – Published: 2019-03-17 20:30 – Updated: 2024-08-05 11:58
VLAI?
Summary
bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://twiki.org/cgi-bin/view/Codev/DownloadTWiki"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-17T20:30:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://twiki.org/cgi-bin/view/Codev/DownloadTWiki"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/7",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/7"
},
{
"name": "http://twiki.org/cgi-bin/view/Codev/DownloadTWiki",
"refsource": "MISC",
"url": "http://twiki.org/cgi-bin/view/Codev/DownloadTWiki"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20212",
"datePublished": "2019-03-17T20:30:20",
"dateReserved": "2018-12-18T00:00:00",
"dateUpdated": "2024-08-05T11:58:18.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9325 (GCVE-0-2014-9325)
Vulnerability from cvelistv5 – Published: 2014-12-31 21:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141219 TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/81"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325"
},
{
"name": "1031399",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031399"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-31T20:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141219 TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/81"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325"
},
{
"name": "1031399",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031399"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141219 TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/81"
},
{
"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325",
"refsource": "CONFIRM",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325"
},
{
"name": "1031399",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031399"
},
{
"name": "http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9325",
"datePublished": "2014-12-31T21:00:00",
"dateReserved": "2014-12-07T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9367 (GCVE-0-2014-9367)
Vulnerability from cvelistv5 – Published: 2014-12-31 21:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129655/TWiki-6.0.0-6.0.1-WebSearch-Cross-Site-Scripting.html"
},
{
"name": "20141219 TWiki Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/82"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367"
},
{
"name": "1031400",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031400"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \"\u0027\" (single quote) in the scope parameter to do/view/TWiki/WebSearch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-31T20:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129655/TWiki-6.0.0-6.0.1-WebSearch-Cross-Site-Scripting.html"
},
{
"name": "20141219 TWiki Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/82"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367"
},
{
"name": "1031400",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031400"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \"\u0027\" (single quote) in the scope parameter to do/view/TWiki/WebSearch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129655/TWiki-6.0.0-6.0.1-WebSearch-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129655/TWiki-6.0.0-6.0.1-WebSearch-Cross-Site-Scripting.html"
},
{
"name": "20141219 TWiki Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/82"
},
{
"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367",
"refsource": "CONFIRM",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367"
},
{
"name": "1031400",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031400"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9367",
"datePublished": "2014-12-31T21:00:00",
"dateReserved": "2014-12-11T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7237 (GCVE-0-2014-7237)
Vulnerability from cvelistv5 – Published: 2014-10-16 00:00 – Updated: 2024-08-06 12:40
VLAI?
Summary
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237"
},
{
"name": "1030982",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030982"
},
{
"name": "20141009 TWiki Security Alert CVE-2014-7237: Apache configuration file upload on TWiki on Windows server",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/45"
},
{
"name": "twiki-cve20147237-file-upload(96952)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96952"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237"
},
{
"name": "1030982",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030982"
},
{
"name": "20141009 TWiki Security Alert CVE-2014-7237: Apache configuration file upload on TWiki on Windows server",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/45"
},
{
"name": "twiki-cve20147237-file-upload(96952)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96952"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237",
"refsource": "CONFIRM",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237"
},
{
"name": "1030982",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030982"
},
{
"name": "20141009 TWiki Security Alert CVE-2014-7237: Apache configuration file upload on TWiki on Windows server",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/45"
},
{
"name": "twiki-cve20147237-file-upload(96952)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96952"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7237",
"datePublished": "2014-10-16T00:00:00",
"dateReserved": "2014-09-30T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6330 (GCVE-0-2012-6330)
Vulnerability from cvelistv5 – Published: 2013-01-04 21:00 – Updated: 2024-08-06 21:28
VLAI?
Summary
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329"
},
{
"name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695"
},
{
"name": "56950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56950"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329"
},
{
"name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695"
},
{
"name": "56950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56950"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329",
"refsource": "CONFIRM",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329"
},
{
"name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695"
},
{
"name": "56950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56950"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6330",
"datePublished": "2013-01-04T21:00:00",
"dateReserved": "2012-12-10T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0979 (GCVE-0-2012-0979)
Vulnerability from cvelistv5 – Published: 2012-02-02 17:00 – Updated: 2024-08-06 18:45
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:25.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47784",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47784"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html"
},
{
"name": "1026604",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026604"
},
{
"name": "51731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51731"
},
{
"name": "twiki-organization-xss(72821)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72821"
},
{
"name": "78664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78664"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/109246/twiki-xss.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "47784",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47784"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html"
},
{
"name": "1026604",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026604"
},
{
"name": "51731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51731"
},
{
"name": "twiki-organization-xss(72821)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72821"
},
{
"name": "78664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78664"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/109246/twiki-xss.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47784",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47784"
},
{
"name": "http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html",
"refsource": "MISC",
"url": "http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html"
},
{
"name": "1026604",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026604"
},
{
"name": "51731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51731"
},
{
"name": "twiki-organization-xss(72821)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72821"
},
{
"name": "78664",
"refsource": "OSVDB",
"url": "http://osvdb.org/78664"
},
{
"name": "http://packetstormsecurity.org/files/109246/twiki-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/109246/twiki-xss.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0979",
"datePublished": "2012-02-02T17:00:00",
"dateReserved": "2012-02-02T00:00:00",
"dateUpdated": "2024-08-06T18:45:25.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3010 (GCVE-0-2011-3010)
Vulnerability from cvelistv5 – Published: 2011-09-30 10:00 – Updated: 2024-09-17 03:03
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:26.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5"
},
{
"name": "75674",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/75674"
},
{
"name": "1026091",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1026091"
},
{
"name": "46123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://develop.twiki.org/trac/changeset/21920"
},
{
"name": "49746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49746"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010"
},
{
"name": "20110922 XSS Vulnerabilities in TWiki \u003c 5.1.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0142.html"
},
{
"name": "75673",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/75673"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-30T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5"
},
{
"name": "75674",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/75674"
},
{
"name": "1026091",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1026091"
},
{
"name": "46123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://develop.twiki.org/trac/changeset/21920"
},
{
"name": "49746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49746"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010"
},
{
"name": "20110922 XSS Vulnerabilities in TWiki \u003c 5.1.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0142.html"
},
{
"name": "75673",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/75673"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5",
"refsource": "MISC",
"url": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5"
},
{
"name": "75674",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/75674"
},
{
"name": "1026091",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1026091"
},
{
"name": "46123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46123"
},
{
"name": "http://develop.twiki.org/trac/changeset/21920",
"refsource": "CONFIRM",
"url": "http://develop.twiki.org/trac/changeset/21920"
},
{
"name": "49746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49746"
},
{
"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010",
"refsource": "CONFIRM",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010"
},
{
"name": "20110922 XSS Vulnerabilities in TWiki \u003c 5.1.0",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0142.html"
},
{
"name": "75673",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/75673"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3010",
"datePublished": "2011-09-30T10:00:00Z",
"dateReserved": "2011-08-09T00:00:00Z",
"dateUpdated": "2024-09-17T03:03:48.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7236 (GCVE-0-2014-7236)
Vulnerability from nvd – Published: 2020-02-17 21:14 – Updated: 2024-08-06 12:40
VLAI?
Summary
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70372",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70372"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/44"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T21:14:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "70372",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70372"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/44"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1030981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70372"
},
{
"name": "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html"
},
{
"name": "http://seclists.org/fulldisclosure/2014/Oct/44",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/44"
},
{
"name": "http://www.securitytracker.com/id/1030981",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1030981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7236",
"datePublished": "2020-02-17T21:14:54",
"dateReserved": "2014-09-30T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1751 (GCVE-0-2013-1751)
Vulnerability from nvd – Published: 2019-11-07 21:51 – Updated: 2024-08-06 15:13
VLAI?
Summary
TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1751"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028149"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted \u0027%MAKETEXT{}%\u0027 parameter value containing Perl backtick characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T21:51:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1751"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1028149"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted \u0027%MAKETEXT{}%\u0027 parameter value containing Perl backtick characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1751",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1751"
},
{
"name": "http://www.securitytracker.com/id/1028149",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1028149"
},
{
"name": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751",
"refsource": "CONFIRM",
"url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1751",
"datePublished": "2019-11-07T21:51:14",
"dateReserved": "2013-02-15T00:00:00",
"dateUpdated": "2024-08-06T15:13:32.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3056 (GCVE-0-2005-3056)
Vulnerability from nvd – Published: 2019-11-01 12:40 – Updated: 2024-08-07 22:53
VLAI?
Summary
TWiki allows arbitrary shell command execution via the Include function
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:30.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2005-3056"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude"
},
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TWiki allows arbitrary shell command execution via the Include function"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T12:40:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2005-3056"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude"
},
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TWiki allows arbitrary shell command execution via the Include function"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2005-3056",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2005-3056"
},
{
"name": "https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude",
"refsource": "CONFIRM",
"url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude"
},
{
"name": "Debian",
"refsource": "DEBIAN",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3056",
"datePublished": "2019-11-01T12:40:12",
"dateReserved": "2005-09-26T00:00:00",
"dateUpdated": "2024-08-07T22:53:30.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20212 (GCVE-0-2018-20212)
Vulnerability from nvd – Published: 2019-03-17 20:30 – Updated: 2024-08-05 11:58
VLAI?
Summary
bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://twiki.org/cgi-bin/view/Codev/DownloadTWiki"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-17T20:30:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://twiki.org/cgi-bin/view/Codev/DownloadTWiki"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/7",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/7"
},
{
"name": "http://twiki.org/cgi-bin/view/Codev/DownloadTWiki",
"refsource": "MISC",
"url": "http://twiki.org/cgi-bin/view/Codev/DownloadTWiki"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20212",
"datePublished": "2019-03-17T20:30:20",
"dateReserved": "2018-12-18T00:00:00",
"dateUpdated": "2024-08-05T11:58:18.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9325 (GCVE-0-2014-9325)
Vulnerability from nvd – Published: 2014-12-31 21:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141219 TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/81"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325"
},
{
"name": "1031399",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031399"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-31T20:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141219 TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/81"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325"
},
{
"name": "1031399",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031399"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141219 TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/81"
},
{
"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325",
"refsource": "CONFIRM",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325"
},
{
"name": "1031399",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031399"
},
{
"name": "http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9325",
"datePublished": "2014-12-31T21:00:00",
"dateReserved": "2014-12-07T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9367 (GCVE-0-2014-9367)
Vulnerability from nvd – Published: 2014-12-31 21:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129655/TWiki-6.0.0-6.0.1-WebSearch-Cross-Site-Scripting.html"
},
{
"name": "20141219 TWiki Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/82"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367"
},
{
"name": "1031400",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031400"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \"\u0027\" (single quote) in the scope parameter to do/view/TWiki/WebSearch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-31T20:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129655/TWiki-6.0.0-6.0.1-WebSearch-Cross-Site-Scripting.html"
},
{
"name": "20141219 TWiki Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/82"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367"
},
{
"name": "1031400",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031400"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \"\u0027\" (single quote) in the scope parameter to do/view/TWiki/WebSearch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129655/TWiki-6.0.0-6.0.1-WebSearch-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129655/TWiki-6.0.0-6.0.1-WebSearch-Cross-Site-Scripting.html"
},
{
"name": "20141219 TWiki Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/82"
},
{
"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367",
"refsource": "CONFIRM",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367"
},
{
"name": "1031400",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031400"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9367",
"datePublished": "2014-12-31T21:00:00",
"dateReserved": "2014-12-11T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7237 (GCVE-0-2014-7237)
Vulnerability from nvd – Published: 2014-10-16 00:00 – Updated: 2024-08-06 12:40
VLAI?
Summary
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237"
},
{
"name": "1030982",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030982"
},
{
"name": "20141009 TWiki Security Alert CVE-2014-7237: Apache configuration file upload on TWiki on Windows server",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/45"
},
{
"name": "twiki-cve20147237-file-upload(96952)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96952"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237"
},
{
"name": "1030982",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030982"
},
{
"name": "20141009 TWiki Security Alert CVE-2014-7237: Apache configuration file upload on TWiki on Windows server",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/45"
},
{
"name": "twiki-cve20147237-file-upload(96952)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96952"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237",
"refsource": "CONFIRM",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237"
},
{
"name": "1030982",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030982"
},
{
"name": "20141009 TWiki Security Alert CVE-2014-7237: Apache configuration file upload on TWiki on Windows server",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/45"
},
{
"name": "twiki-cve20147237-file-upload(96952)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96952"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7237",
"datePublished": "2014-10-16T00:00:00",
"dateReserved": "2014-09-30T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6330 (GCVE-0-2012-6330)
Vulnerability from nvd – Published: 2013-01-04 21:00 – Updated: 2024-08-06 21:28
VLAI?
Summary
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329"
},
{
"name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695"
},
{
"name": "56950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56950"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329"
},
{
"name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695"
},
{
"name": "56950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56950"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329",
"refsource": "CONFIRM",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329"
},
{
"name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695"
},
{
"name": "56950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56950"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6330",
"datePublished": "2013-01-04T21:00:00",
"dateReserved": "2012-12-10T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0979 (GCVE-0-2012-0979)
Vulnerability from nvd – Published: 2012-02-02 17:00 – Updated: 2024-08-06 18:45
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:25.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47784",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47784"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html"
},
{
"name": "1026604",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026604"
},
{
"name": "51731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51731"
},
{
"name": "twiki-organization-xss(72821)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72821"
},
{
"name": "78664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78664"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/109246/twiki-xss.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "47784",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47784"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html"
},
{
"name": "1026604",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026604"
},
{
"name": "51731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51731"
},
{
"name": "twiki-organization-xss(72821)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72821"
},
{
"name": "78664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78664"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/109246/twiki-xss.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47784",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47784"
},
{
"name": "http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html",
"refsource": "MISC",
"url": "http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html"
},
{
"name": "1026604",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026604"
},
{
"name": "51731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51731"
},
{
"name": "twiki-organization-xss(72821)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72821"
},
{
"name": "78664",
"refsource": "OSVDB",
"url": "http://osvdb.org/78664"
},
{
"name": "http://packetstormsecurity.org/files/109246/twiki-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/109246/twiki-xss.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0979",
"datePublished": "2012-02-02T17:00:00",
"dateReserved": "2012-02-02T00:00:00",
"dateUpdated": "2024-08-06T18:45:25.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3010 (GCVE-0-2011-3010)
Vulnerability from nvd – Published: 2011-09-30 10:00 – Updated: 2024-09-17 03:03
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:26.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5"
},
{
"name": "75674",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/75674"
},
{
"name": "1026091",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1026091"
},
{
"name": "46123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://develop.twiki.org/trac/changeset/21920"
},
{
"name": "49746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49746"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010"
},
{
"name": "20110922 XSS Vulnerabilities in TWiki \u003c 5.1.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0142.html"
},
{
"name": "75673",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/75673"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-30T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5"
},
{
"name": "75674",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/75674"
},
{
"name": "1026091",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1026091"
},
{
"name": "46123",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://develop.twiki.org/trac/changeset/21920"
},
{
"name": "49746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49746"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010"
},
{
"name": "20110922 XSS Vulnerabilities in TWiki \u003c 5.1.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0142.html"
},
{
"name": "75673",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/75673"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5",
"refsource": "MISC",
"url": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5"
},
{
"name": "75674",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/75674"
},
{
"name": "1026091",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1026091"
},
{
"name": "46123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46123"
},
{
"name": "http://develop.twiki.org/trac/changeset/21920",
"refsource": "CONFIRM",
"url": "http://develop.twiki.org/trac/changeset/21920"
},
{
"name": "49746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49746"
},
{
"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010",
"refsource": "CONFIRM",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010"
},
{
"name": "20110922 XSS Vulnerabilities in TWiki \u003c 5.1.0",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0142.html"
},
{
"name": "75673",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/75673"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3010",
"datePublished": "2011-09-30T10:00:00Z",
"dateReserved": "2011-08-09T00:00:00Z",
"dateUpdated": "2024-09-17T03:03:48.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}