CVE-2008-3483

Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and 2.0.30 allows remote attackers to inject arbitrary web script or HTML via error messages in the "/admin.aspx - System Log" page.

Published: Aug 5, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3483
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
screwturn / screwturn_wiki	2.0.30	2.0.30.x
screwturn / screwturn_wiki	2.0.29	2.0.29.x

http://secunia.com/advisories/31242
http://www.portcullis.co.uk/281.php
http://www.screwturn.eu/Wiki.ashx#History_2
http://www.securityfocus.com/bid/30429
https://exchange.xforce.ibmcloud.com/vulnerabilities/42858

Vulnerability Database

290,476

CVE-2008-3483