CVE-2010-3841

Twiki < 5.0.0 - XSS

Title source: rule
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script.

Exploits (2)

exploitdb WORKING POC VERIFIED
by DOUHINE Davy · textwebappsphp
https://www.exploit-db.com/exploits/34843
exploitdb WORKING POC VERIFIED
by DOUHINE Davy · textwebappsphp
https://www.exploit-db.com/exploits/34842

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62557
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41796
Exploit, Patch, Vendor Advisory x_refsource_confirm
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2010-3841
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44103

Scores

EPSS 0.0021
EPSS Percentile 43.7%

Details

CWE
CWE-79
Status published
Products (24)
twiki/twiki 4.0.0
twiki/twiki 4.0.1
twiki/twiki 4.0.2
twiki/twiki 4.0.3
twiki/twiki 4.0.4
twiki/twiki 4.0.5
twiki/twiki 4.1.0
twiki/twiki 4.1.1
twiki/twiki 4.1.2
twiki/twiki 4.2.2
... and 14 more
Published Oct 18, 2010
Tracked Since Feb 18, 2026