Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TWiki 'origurl'跨站脚本攻击漏洞
Vulnerability Description
TWiki是美国软件开发者Peter Thoeny所研发的一套基于Perl语言的开源Wiki程序,是一个基于Web的网站协作平台,它可用于项目开发管理、文档管理、知识库管理以及其他协作工作。 TWiki 5.0.2之前版本中存在跨站脚本攻击漏洞。该漏洞是由于向bin/login/Sandbox/WebHome发送的“origurl”参数在lib/TWiki/LoginManager/TemplateLogin.pm中还有经过正确过滤就返回给了用户,远程攻击者可以利用此漏洞执行任意HTML和脚本代码。
CVSS Information
N/A
Vulnerability Type
N/A