ID de Prueba:	1.3.6.1.4.1.25623.1.0.801841
Categoría:	Web application abuses
Título:	XWiki Enterprise Unspecified SQL Injection and XSS Vulnerabilities
Resumen:	XWiki Enterprise is prone to unspecified SQL injection and cross site scripting vulnerabilities.
Descripción:	Summary: XWiki Enterprise is prone to unspecified SQL injection and cross site scripting vulnerabilities. Vulnerability Insight: The flaws are caused by input validation errors when processing user-supplied data and parameters, which could allow remote attackers to execute arbitrary script code or manipulate SQL queries by injecting arbitrary SQL code. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary script code or cause SQL Injection attack and gain sensitive information. Affected Software/OS: XWiki Enterprise before 2.5. Solution: Upgrade to XWiki Enterprise 2.5 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4641 BugTraq ID: 44601 http://www.securityfocus.com/bid/44601 http://www.osvdb.org/68976 http://secunia.com/advisories/42058 XForce ISS Database: xwiki-enterprise-unspec-sql-injection(62943) https://exchange.xforce.ibmcloud.com/vulnerabilities/62943 Common Vulnerability Exposure (CVE) ID: CVE-2010-4642 http://www.osvdb.org/68977 XForce ISS Database: xwiki-enterprise-unspec-xss(62942) https://exchange.xforce.ibmcloud.com/vulnerabilities/62942
Copyright	Copyright (C) 2011 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.