VWE-2010-0074-1 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2010-0074-1
This page is a chapter in Info Known Vulnerabilities

This page has been seen 469,084 times.

- Created by
  dianiz
  on April 18, 2015
  
  Last updated by
  pegasus
  on November 24, 2024

Common Name Template Inheritance Vulnerability
VWE-ID VWE-2010-0074-1
Related Report None
Severity HIGH
Exploit Difficulty NORMAL
Platform Affects all platforms supported by the vulnerable versions.
Description HTML/Javascript injection. Does not affect Lite versions.

Discovered September 22, 2010
Resolved September 30, 2010
Patches Available 2.5.7 Patch level 3
Workaround Update all wiki forums so that none allow HTML. Alternatively, disable the template BB-Code (default: TEMPLATE) via the Wiki Code Manager.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	Template Inheritance Vulnerability
VWE-ID	VWE-2010-0074-1
Related Report	None
Severity	HIGH
Exploit Difficulty	NORMAL
Platform	Affects all platforms supported by the vulnerable versions.
Description	HTML/Javascript injection. Does not affect Lite versions.
Discovered	September 22, 2010
Resolved	September 30, 2010
Patches Available	2.5.7 Patch level 3
Workaround	Update all wiki forums so that none allow HTML. Alternatively, disable the template BB-Code (default: TEMPLATE) via the Wiki Code Manager.