CVE-2010-4748

PmWiki 2.2.20 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information.

References (6)

[Exploit] http://marc.info/?l=full-disclosure&m=129234473228351&w=2

[Exploit] http://packetstormsecurity.org/files/view/96687/pm-wiki-xss.txt

[Vendor Advisory] http://secunia.com/advisories/42608

[Third Party Advisory] http://www.pmwiki.org/wiki/PmWiki/ChangeLog

[Third Party Advisory] http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes

[Third Party Advisory] http://securityreason.com/securityalert/8113

Scores

EPSS 0.0050

EPSS Percentile 65.5%

Classification

CWE

CWE-79

Status published

Affected Products (2)

pmwiki/pmwiki

n/a/n/a

Timeline

Published Mar 01, 2011

Tracked Since Feb 18, 2026