CVE-2011-5025: XSS
First published: Thu Dec 29 2011(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yaws | =1.88 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2011-5025?
The severity of CVE-2011-5025 is considered moderate due to the potential for cross-site scripting attacks.
How do I fix CVE-2011-5025?
To fix CVE-2011-5025, upgrade to Yaws version 1.89 or later.
What types of vulnerabilities are present in CVE-2011-5025?
CVE-2011-5025 contains multiple cross-site scripting (XSS) vulnerabilities in the Yaws wiki application.
Which versions of Yaws are affected by CVE-2011-5025?
Yaws version 1.88 is affected by CVE-2011-5025.
Can CVE-2011-5025 allow remote attackers to execute scripts?
Yes, CVE-2011-5025 allows remote attackers to inject arbitrary web scripts or HTML.
- agent/references
- agent/type
- agent/severity
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- agent/author
- vendor/yaws
- canonical/yaws
- version/yaws/1.88