CVE-2011-3010

Twiki < 5.0.1 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Mesut Timur · textwebappsphp

https://www.exploit-db.com/exploits/36163

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Mesut Timur · textwebappsphp

https://www.exploit-db.com/exploits/36162

View Code ZIP pw:eip

References (9)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2011-09/0142.html

[Various Sources] http://develop.twiki.org/trac/changeset/21920

[Various Sources] http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010

[Various Sources] http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/49746

[Third Party Advisory, VDB Entry] http://www.osvdb.org/75673

[Third Party Advisory, VDB Entry] http://www.osvdb.org/75674

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1026091

[Third Party Advisory] http://secunia.com/advisories/46123

Scores

EPSS 0.1712

EPSS Percentile 94.9%

Classification

CWE

CWE-79

Status published

Affected Products (21)

twiki/twiki < 5.0.1

twiki/twiki

twiki/twiki

twiki/twiki

twiki/twiki

twiki/twiki

twiki/twiki

twiki/twiki

twiki/twiki

twiki/twiki

twiki/twiki

twiki/twiki

twiki/twiki

twiki/twiki

twiki/twiki

... and 6 more

Timeline

Published Sep 30, 2011

Tracked Since Feb 18, 2026