Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/51276 | |
https://sitewat.ch/Advisory/View/4 | URL Repurposed |
Configurations
History
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | () https://sitewat.ch/Advisory/View/4 - URL Repurposed |
Information
Published : 2011-12-29 11:55
Updated : 2024-02-14 01:17
NVD link : CVE-2011-5025
Mitre link : CVE-2011-5025
CVE.ORG link : CVE-2011-5025
JSON object : View
Products Affected
yaws
- yaws
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')