VWE-2010-0075 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2010-0075
This page is a chapter in Info Known Vulnerabilities

This page has been seen 359,884 times.

- Created by
  dianiz
  on April 18, 2015
  
  Last updated by
  pegasus
  on April 8, 2018

Common Name Link Recall Vulnerability
VWE-ID VWE-2010-0075
Related Report None
Severity HIGH
Exploit Difficulty EASY
Platform Affects all platforms supported by the vulnerable versions.
Description HTML/Javascript injection. Does not affect Lite versions.

Discovered September 18, 2010
Resolved September 30, 2010
Patches Available 3.0.4
2.5.7 Patch Level 3
Workaround In Settings > Options > VaultWiki: Server Settings, disable "Enable Link Caching."
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	Link Recall Vulnerability
VWE-ID	VWE-2010-0075
Related Report	None
Severity	HIGH
Exploit Difficulty	EASY
Platform	Affects all platforms supported by the vulnerable versions.
Description	HTML/Javascript injection. Does not affect Lite versions.
Discovered	September 18, 2010
Resolved	September 30, 2010
Patches Available	3.0.4 2.5.7 Patch Level 3
Workaround	In Settings > Options > VaultWiki: Server Settings, disable "Enable Link Caching."