Description

Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2010-4748

Related Vulnerabilities

WebLogic Incorrect Authorization Vulnerability (CVE-2018-1258)

Python Uncontrolled Resource Consumption Vulnerability (CVE-2019-9674)

phpMyAdmin Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2016-5701)

WordPress Plugin Ninja Forms with File Uploads Extension Arbitrary File Upload (3.3.0)

b2evolution URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-22840)

Severity

Medium

Classification

CVE-2010-4748 CWE-707

Tags

Missing Update Known Vulnerabilities