CVE-2011-5025

Published: 29/12/2011 Updated: 14/02/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 440
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote malicious users to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.

Vulnerable Product

yaws yaws 1.88

Vendor Advisories

Debian Bug report logs - #653966: yaws cross site scripting
Package: yaws; Maintainer for yaws is Debian Erlang Packagers <pkg-erlang-devel@lists.alioth.debian.org>; Source for yaws is src:yaws
Reported by: Thijs Kinkhorst <thijs@debian.org>
Date: Sun, 1 Jan 2012 23:03:02 UTC
Severity: serious ...

Exploits

Application: yaws-wiki
Version affected: 1.88-1
Platform: Erlang
Homepage: yaws.hyber.org/
Researcher: Michael Brooks
Original Advisory:sitewatch/en/Advisory/4
Install instructions for Ubuntu: sudo apt-get install yaws-wiki
Edit: /etc/yaws/conf.d/yaws-wiki.conf
#add this:
<server wiki>
port = 8181
listen = 0.0.0.0
docroot = ...

source: www.securityfocus.com/bid/51276/info
Yaws is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affecte ...