ID de Prueba:	1.3.6.1.4.1.25623.1.0.902434
Categoría:	Web application abuses
Título:	TWiki < 5.0.2 'TemplateLogin.pm' Multiple XSS Vulnerabilities
Resumen:	TWiki is prone to multiple cross-site scripting (XSS); vulnerabilities.
Descripción:	Summary: TWiki is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: Multiple flaws are due to an input validation error in lib/TWiki /LoginManager/TemplateLogin.pm, when handling 'origurl' parameter to a view or login script. Vulnerability Impact: Successful exploitation could allow attackers to inject arbitrary web script or HTML. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Affected Software/OS: TWiki version prior to 5.0.2 Solution: Apply the patch or upgrade to TWiki 5.0.2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1838 BugTraq ID: 47899 http://www.securityfocus.com/bid/47899 Bugtraq: 20110518 XSS vulnerability in TWiki < 5.0.2 (Google Search) http://www.securityfocus.com/archive/1/518038/100/0/threaded http://www.mavitunasecurity.com/XSS-vulnerability-in-Twiki/ http://securitytracker.com/id?1025542 http://secunia.com/advisories/44594 http://securityreason.com/securityalert/8257 http://www.vupen.com/english/advisories/2011/1258
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.