XSS in Yaws

CVE-2011-5025

Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (56.0th percentile) — read the EPSS interpretation.

Affected products

Yaws — versions 1.88
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

51276 (vdb-entry, x_refsource_BID)
cve@mitre.org (URL Repurposed, x_refsource_MISC)