VWE-2011-0100 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2011-0100
This page is a chapter in Info Known Vulnerabilities

This page has been seen 562,503 times.

- Created by
  dianiz
  on April 18, 2015
  
  Last updated by
  pegasus
  on April 8, 2018

Common Name Target Injection Vulnerability
VWE-ID VWE-2011-0100
Related Report None
Severity HIGH
Exploit Difficulty EASY
Platform Affects all platforms supported by the vulnerable versions.
Description HTML/Javascript injection. Does not affect Lite versions.

Discovered June 14, 2011
Resolved June 23, 2011
Patches Available 3.0.12
3.0.11 Patch Level 1
3.0.10 Patch Level 1
3.0.9 Patch Level 1
3.0.8 Patch Level 1
3.0.7 Patch Level 1
3.0.6 Patch Level 1
3.0.5 Patch Level 1
3.0.4 Patch Level 1
3.0.3 Patch Level 1
3.0.2 Patch Level 1
3.0.1 Patch Level 1
Workaround In Settings > Options > VaultWiki: Server Settings, disable "Enable Link Caching."
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	Target Injection Vulnerability
VWE-ID	VWE-2011-0100
Related Report	None
Severity	HIGH
Exploit Difficulty	EASY
Platform	Affects all platforms supported by the vulnerable versions.
Description	HTML/Javascript injection. Does not affect Lite versions.
Discovered	June 14, 2011
Resolved	June 23, 2011
Patches Available	3.0.12 3.0.11 Patch Level 1 3.0.10 Patch Level 1 3.0.9 Patch Level 1 3.0.8 Patch Level 1 3.0.7 Patch Level 1 3.0.6 Patch Level 1 3.0.5 Patch Level 1 3.0.4 Patch Level 1 3.0.3 Patch Level 1 3.0.2 Patch Level 1 3.0.1 Patch Level 1
Workaround	In Settings > Options > VaultWiki: Server Settings, disable "Enable Link Caching."