CVE-2011-1838
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2011-1838
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
TWiki 'origurl'跨站脚本攻击漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TWiki是美国软件开发者Peter Thoeny所研发的一套基于Perl语言的开源Wiki程序,是一个基于Web的网站协作平台,它可用于项目开发管理、文档管理、知识库管理以及其他协作工作。 TWiki 5.0.2之前版本中存在跨站脚本攻击漏洞。该漏洞是由于向bin/login/Sandbox/WebHome发送的“origurl”参数在lib/TWiki/LoginManager/TemplateLogin.pm中还有经过正确过滤就返回给了用户,远程攻击者可以利用此漏洞执行任意HTML和脚本代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2011-1838
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2011-1838
Please Login to view more intelligence information
- http://www.mavitunasecurity.com/XSS-vulnerability-in-Twiki/x_refsource_MISC
- http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-1838x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2011-1838
Same Patch Batch · n/a · 2011-05-20 · 35 CVEs total
| CVE-2011-2157 | SmarterTools SmarterStats web服务器权限许可和访问控制漏洞 | |
| CVE-2011-2149 | SmarterTools SmarterStats web服务器多个SQL注入漏洞 | |
| CVE-2011-2150 | SmarterTools SmarterStats web服务器XML注入漏洞 | |
| CVE-2011-2151 | SmarterTools SmarterStats web服务器敏感信息泄露漏洞 | |
| CVE-2011-2152 | SmarterTools SmarterStats web服务器跨域Referer泄露漏洞 | |
| CVE-2011-2153 | SmarterTools SmarterStats web服务器Login.aspx跨域Referer泄露漏洞 | |
| CVE-2011-2154 | SmarterTools SmarterStats web服务器login.aspx敏感信息泄露漏洞 | |
| CVE-2011-2155 | SmarterTools SmarterStats web服务器Login.aspx认证绕过漏洞 | |
| CVE-2011-2156 | SmarterTools SmarterStats web服务器目录列表信息泄露漏洞 | |
| CVE-2011-2148 | SmarterTools SmarterStats web服务器操作系统命令注入漏洞 | |
| CVE-2011-2158 | SmarterTools SmarterStats web服务器设计错误漏洞 | |
| CVE-2011-2159 | SmarterTools SmarterStats web服务器设计错误漏洞 | |
| CVE-2011-2160 | FFmpeg VC-1解码功能输入验证漏洞 | |
| CVE-2011-2161 | FFmpeg libavformat ape.c ape_read_header函数拒绝服务漏洞 | |
| CVE-2011-2162 | FFmpeg多个未明漏洞 | |
| CVE-2011-2163 | IBM Systems Director Virtualization Manager未明漏洞 | |
| CVE-2011-2164 | Adobe Photoshop多个未明漏洞 | |
| CVE-2011-0962 | Cisco Unified Operations Manager跨站脚本攻击漏洞 | |
| CVE-2009-5075 | Monkey's Audio '.ape'文件拒绝服务漏洞 | |
| CVE-2010-0217 | Zeacom Chat Server弱'JSESSIONID'会话ID劫持漏洞 |
Showing top 20 of 35 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8196
JeecgBoot mLogin Endpoint LoginController.java authorization - CVE-2026-8195
JeecgBoot SVG File CommonController.java cross site scriptin - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-8193
Akaunting Invoice PDF Rendering dompdf.php server-side reque - CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out-
V. Comments for CVE-2011-1838
No comments yet