XWiki Enterprise Unspecified SQL Injection And XSS Vulnerabilities Network Vulnerability

Summary

The host is running XWiki Enterprise and is prone to unspecified SQL injection and cross site scripting vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary script code or cause SQL Injection attack and gain sensitive information. Impact Level: Application

Solution

Upgrade to XWiki Enterprise 2.5 or later, For updates refer to http://enterprise.xwiki.org/xwiki/bin/view/Main/

Insight

The flaws are caused by input validation errors when processing user-supplied data and parameters, which could allow remote attackers to execute arbitrary script code or manipulate SQL queries by injecting arbitrary SQL code.

Affected

XWiki Enterprise before 2.5

References

http://secunia.com/advisories/42058
http://www.osvdb.org/68976
http://www.osvdb.org/68977
http://www.xwiki.org/xwiki/bin/view/ReleaseNotes/ReleaseNotesXWikiEnterprise25

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4641, CVE-2010-4642
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Allegro RomPager `Misfortune Cookie` Vulnerability
Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
ATutor password reminder SQL injection

XWiki Enterprise Unspecified SQL Injection and XSS Vulnerabilities

Take action and discover your vulnerabilities