CVE-2010-4640
XWiki Watch 1.0 - Cross-Site Scripting via rev, register_first_name, and register_last_name Parameters
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 allow remote attackers to inject arbitrary web script or HTML via the rev parameter to (1) bin/viewrev/Main/WebHome and (2) bin/view/Blog, and the (3) register_first_name and (4) register_last_name parameters to bin/register/XWiki/Register. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62940
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62941
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/68974
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/68975
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42090
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/44606
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/68973
Scores
EPSS
0.0010
EPSS Percentile
27.8%
Details
CWE
CWE-79
Status
published
Products (1)
xwiki/xwiki_watch
1.0
Published
Dec 30, 2010
Tracked Since
Feb 18, 2026