ID de Prueba:	1.3.6.1.4.1.25623.1.0.800320
Categoría:	Web application abuses
Título:	TWiki XSS and Command Execution Vulnerabilities
Resumen:	TWiki is prone to Cross-Site Scripting (XSS) and Command Execution Vulnerabilities.
Descripción:	Summary: TWiki is prone to Cross-Site Scripting (XSS) and Command Execution Vulnerabilities. Vulnerability Insight: The flaws are due to: - %URLPARAM{}% variable is not properly sanitized which lets attackers conduct cross-site scripting attack. - %SEARCH{}% variable is not properly sanitised before being used in an eval() call which lets the attackers execute perl code through eval injection attack. Vulnerability Impact: Successful exploitation could allow execution of arbitrary script code or commands. This could let attackers steal cookie-based authentication credentials or compromise the affected application. Affected Software/OS: TWiki, TWiki version prior to 4.2.4. Solution: Upgrade to version 4.2.4 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5304 BugTraq ID: 32669 http://www.securityfocus.com/bid/32669 http://securitytracker.com/id?1021351 http://secunia.com/advisories/33040 http://www.vupen.com/english/advisories/2008/3381 XForce ISS Database: twiki-urlparam-xss(47122) https://exchange.xforce.ibmcloud.com/vulnerabilities/47122 Common Vulnerability Exposure (CVE) ID: CVE-2008-5305 BugTraq ID: 32668 http://www.securityfocus.com/bid/32668 http://securitytracker.com/id?1021352
Copyright	Copyright (C) 2008 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.