CVE-2010-4642

XWiki < 2.5 - Cross-Site Scripting

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (5)

Core 5

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42058

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/62942

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/68977

Various Sources x_refsource_confirm

http://www.xwiki.org/xwiki/bin/view/ReleaseNotes/ReleaseNotesXWikiEnterprise25

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/44601

Scores

EPSS 0.0007

EPSS Percentile 21.8%

Details

CWE

CWE-79

Status published

Products (8)

xwiki/xwiki 0.9.543

xwiki/xwiki 0.9.790

xwiki/xwiki 0.9.793

xwiki/xwiki 0.9.840

xwiki/xwiki 0.9.1252

xwiki/xwiki 1.0 b1 (2 CPE variants)

xwiki/xwiki 1.1 rc1

xwiki/xwiki < 2.4

Published Dec 30, 2010

Tracked Since Feb 18, 2026