PT-2011-5172 · Yaws · Yaws

Published: 2011-12-29 · Updated: 2024-02-14 · CVE-2011-5025

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Yaws version 1.88

Description: The wiki application in Yaws contains multiple cross-site scripting (XSS) issues, allowing remote attackers to inject arbitrary web script or HTML. This can be achieved through various parameters, including tag in 'editTag.yaws', index in 'showOldPage.yaws', node in 'allRefsToMe.yaws', and text in 'editPage.yaws'.

Recommendations: For Yaws version 1.88, as a temporary workaround, consider restricting access to the wiki application until a patch is available. Avoid using the parameters tag, index, node, and text in the affected API endpoints 'editTag.yaws', 'showOldPage.yaws', 'allRefsToMe.yaws', and 'editPage.yaws' respectively, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
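
While the wiki stays restricted, access logs can be reviewed for requests that put markup characters into the four parameters named above. The following is an added example, not part of the advisory and not Yaws code; the log layout (common log format with the query string in the request line), the `/wiki/` path prefix, the sample lines and the function names are assumptions constructed for illustration. It only sees parameters sent in the URL, not in a POST body.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Page -> parameter pairs named in the advisory description.
AFFECTED = {
    "editTag.yaws": "tag",
    "showOldPage.yaws": "index",
    "allRefsToMe.yaws": "node",
    "editPage.yaws": "text",
}

# Request line inside a common-log-format entry (assumed log layout).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters needed to leave HTML text or attribute context.
MARKUP_RE = re.compile(r'[<>"\']')


def suspicious_params(log_line):
    """Return [(page, param, decoded_value)] for affected parameters carrying markup."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    page = url.path.rsplit("/", 1)[-1]
    param = AFFECTED.get(page)
    if param is None:
        return []
    # parse_qs percent-decodes each value once before we inspect it.
    values = parse_qs(url.query, keep_blank_values=True).get(param, [])
    return [(page, param, v) for v in values if MARKUP_RE.search(v)]


def scan(lines):
    """Collect findings across many log lines, keeping the 1-based line number."""
    return [(n, *hit) for n, line in enumerate(lines, 1) for hit in suspicious_params(line)]


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2012:10:00:00 +0000] "GET /wiki/showOldPage.yaws?node=home&index=3 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2012:10:00:05 +0000] "GET /wiki/editTag.yaws?node=home&tag=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 734',
    '192.0.2.12 - - [01/Jan/2012:10:00:09 +0000] "GET /wiki/allRefsToMe.yaws?node=home%22%3E HTTP/1.1" 200 420',
    '192.0.2.13 - - [01/Jan/2012:10:00:12 +0000] "GET /wiki/showPage.yaws?node=%3Ci%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Hits are triage leads rather than confirmed injections: the text parameter of 'editPage.yaws' carries free-form wiki content, so quotes and angle brackets can appear there in ordinary edits.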

Weakness Enumeration: XSS

Related Identifiers: CVE-2011-5025

Affected Products: Yaws