Shodan
Vulnerabilities
Vulnerable Software
Twiki:  >> Twiki  >> 4.2.0  Security Vulnerabilities
CVE-2011-3010
Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.
CVSS Score
4.3
EPSS Score
0.271
Published
2011-09-30
CVE-2011-1838
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.
CVSS Score
4.3
EPSS Score
0.09
Published
2011-05-20
CVE-2009-4898
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339.
CVSS Score
6.8
EPSS Score
0.001
Published
2010-09-07
CVE-2009-1339
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434.
CVSS Score
6.0
EPSS Score
0.004
Published
2009-04-30
CVE-2008-5304
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.
CVSS Score
4.3
EPSS Score
0.055
Published
2008-12-10
CVE-2008-5305
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
CVSS Score
10.0
EPSS Score
0.029
Published
2008-12-10
CVE-2008-3195
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.
CVSS Score
6.8
EPSS Score
0.575
Published
2008-09-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved