fkie_nvd - fkie_cve-2010-3841

fkie_cve-2010-3841

Vulnerability from fkie_nvd

Published

2010-10-18 17:00

Modified

2025-04-11 00:51

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/41796	Vendor Advisory
cve@mitre.org	http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2010-3841	Exploit, Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/44103	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/62557
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/41796	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2010-3841	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/44103	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/62557

Impacted products

Vendor	Product	Version
twiki	twiki	*
twiki	twiki	4.0.0
twiki	twiki	4.0.1
twiki	twiki	4.0.2
twiki	twiki	4.0.3
twiki	twiki	4.0.4
twiki	twiki	4.0.5
twiki	twiki	4.1.0
twiki	twiki	4.1.1
twiki	twiki	4.1.2
twiki	twiki	4.2.2
twiki	twiki	4.2.3
twiki	twiki	4.2.4
twiki	twiki	4.3.0
twiki	twiki	4.3.1
twiki	twiki	4.3.2
twiki	twiki	2000-12-01
twiki	twiki	2001-09-01
twiki	twiki	2001-12-01
twiki	twiki	2003-02-01
twiki	twiki	2004-09-01
twiki	twiki	2004-09-02
twiki	twiki	2004-09-03
twiki	twiki	2004-09-04

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EB3542-A00F-49B5-B38D-196E0FA8C8E7",
              "versionEndIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F893E121-82FA-41C8-9BA4-606E6DA01408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "620356EA-F106-41DF-AADA-C1EF5A5A0829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "979D8BC8-0032-496F-9503-F3BBBC8FA7CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0804FF93-6554-4F56-9974-017198ED5F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "41445C95-0309-4B90-B725-87D2FE87C9A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9996E5B-36AD-407F-B3B6-839CE8E5913E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "748325A4-A237-498A-A185-905FC921D2A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FE3EEC6-7E05-4A37-97AA-D73E7D7A0E01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9CF4F9B-7ADF-47A2-A556-10CCF7401DA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "81DDB420-E707-4319-8395-531FC0D84E5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D7A5A57-AE7D-4D3E-A280-41676F355AEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "710F8276-1147-4EAD-9C34-5F2FEE636F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7698E4-32E0-4228-94C7-83E5E7CF83E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CBEFD95-CB78-4C25-BB41-EB96C780F2F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:2000-12-01:*:*:*:*:*:*:*",
              "matchCriteriaId": "89599BC3-E1D8-4670-9321-F63A788096A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:2001-09-01:*:*:*:*:*:*:*",
              "matchCriteriaId": "354C8BA8-603D-4556-8C4C-39DEE4891719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:2001-12-01:*:*:*:*:*:*:*",
              "matchCriteriaId": "23CC3B43-A77A-471E-A0ED-E91E53C2400C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:2003-02-01:*:*:*:*:*:*:*",
              "matchCriteriaId": "374ADC0F-0EE2-4DEC-8A37-5F5F15C8137A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:2004-09-01:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEC5965A-BFC8-42B3-AF13-28E097381E84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:2004-09-02:*:*:*:*:*:*:*",
              "matchCriteriaId": "C94AFFF9-5951-43A9-8018-B10C3F097CE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:2004-09-03:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F823DF7-B38E-4FBF-8D9A-C1B49FC237BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:twiki:twiki:2004-09-04:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFA8E461-0CAA-4B44-8BCC-21CD8E1A6A41",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en lib/TWiki.pm de TWiki en versiones anteriores a la v5.0.1 permiten a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de (1) el par\u00e1metro rev al script view o (2) la cadena de consulta del script de login."
    }
  ],
  "id": "CVE-2010-3841",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-10-18T17:00:04.063",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41796"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2010-3841"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/44103"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2010-3841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/44103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62557"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2010-3841 (GCVE-0-2010-3841)

Vulnerability from cvelistv5

Published

2010-10-18 16:00