CVE-2011-1838
published 2011-05-20CVE-2011-1838: Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via…
PriorityP421medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
2.73%
84.2th percentile
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| twiki | twiki | <= 5.0.1 | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-62xg-9rr5-qjfw: Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin
ghsa_unreviewed·2022-05-14
CVE-2011-1838 [MEDIUM] CWE-79 GHSA-62xg-9rr5-qjfw: Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.
Kernel
namei: allow restricted O_CREAT of FIFOs and regular files
kernel_security·2018-08-23·CVSS 7.2
CVE-2000-1134 [HIGH] namei: allow restricted O_CREAT of FIFOs and regular files
namei: allow restricted O_CREAT of FIFOs and regular files
Disallows open of FIFOs or regular files not owned by the user in world
writable sticky directories, unless the owner is the same as that of the
directory or the file is opened without the O_CREAT flag. The purpose
is to make data spoofing attacks harder. This protection can be turned
on and off separately for FIFOs and regular files via sysctl, just like
the symlinks/hardlinks protection. This patch is based on Openwall's
"HARDEN_FIFO" feature by Solar Designer.
This is a brief list of old vulnerabilities that could have been prevented
by this feature, some of them even allow for privilege escalation:
CVE-2000-1134
CVE-2007-3852
CVE-2008-0525
CVE-2009-0416
CVE-2011-4834
CVE-2015-1838
CVE-2015-7442
CVE-2016-7489
This list is no
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/44594http://securityreason.com/securityalert/8257http://securitytracker.com/id?1025542http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-1838http://www.mavitunasecurity.com/XSS-vulnerability-in-Twiki/http://www.securityfocus.com/archive/1/518038/100/0/threadedhttp://www.securityfocus.com/bid/47899http://www.vupen.com/english/advisories/2011/1258http://secunia.com/advisories/44594http://securityreason.com/securityalert/8257http://securitytracker.com/id?1025542http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-1838http://www.mavitunasecurity.com/XSS-vulnerability-in-Twiki/http://www.securityfocus.com/archive/1/518038/100/0/threadedhttp://www.securityfocus.com/bid/47899http://www.vupen.com/english/advisories/2011/1258
2011-05-20
Published