CVE-2010-3841

TWiki < 5.0.1 - Cross-Site Scripting via rev Parameter or Login Query String

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-3841. PoCs published by DOUHINE Davy.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in TWiki by injecting a script tag via the 'origurl' parameter in the login page. The vulnerability allows arbitrary JavaScript execution in the context of the affected site.

Description

Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script.

Exploits (2)

exploitdb WORKING POC VERIFIED
by DOUHINE Davy · textwebappsphp
https://www.exploit-db.com/exploits/34843

This exploit demonstrates a reflected XSS vulnerability in TWiki by injecting a script tag via the 'origurl' parameter in the login page. The vulnerability allows arbitrary JavaScript execution in the context of the affected site.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: TWiki versions prior to 5.0.1
No auth needed
Prerequisites: Access to the TWiki login page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by DOUHINE Davy · textwebappsphp
https://www.exploit-db.com/exploits/34842

This exploit demonstrates a reflected XSS vulnerability in TWiki by injecting a script tag via the 'rev' parameter in a GET request. The vulnerability allows arbitrary JavaScript execution in the context of the affected site.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: TWiki versions prior to 5.0.1
No auth needed
Prerequisites: A vulnerable version of TWiki · User interaction to trigger the malicious URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62557
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41796
Exploit, Patch, Vendor Advisory x_refsource_confirm
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2010-3841
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44103

Scores

EPSS 0.0311
EPSS Percentile 86.1%

Details

CWE
CWE-79
Status published
Products (24)
twiki/twiki 4.0.0
twiki/twiki 4.0.1
twiki/twiki 4.0.2
twiki/twiki 4.0.3
twiki/twiki 4.0.4
twiki/twiki 4.0.5
twiki/twiki 4.1.0
twiki/twiki 4.1.1
twiki/twiki 4.1.2
twiki/twiki 4.2.2
... and 14 more
Published Oct 18, 2010
Tracked Since Feb 18, 2026