{"api_version":"1","generated_at":"2026-07-03T11:33:45+00:00","cve":"CVE-2011-5025","urls":{"html":"https://cve.report/CVE-2011-5025","api":"https://cve.report/api/cve/CVE-2011-5025.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-5025","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-5025"},"summary":{"title":"CVE-2011-5025","description":"Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.","state":"PUBLISHED","assigner":"mitre","published_at":"2011-12-29 11:55:10","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/51276","name":"http://www.securityfocus.com/bid/51276","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Yaws Multiple Cross Site Scripting and HTML Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://sitewat.ch/Advisory/View/4","name":"https://sitewat.ch/Advisory/View/4","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["URL Repurposed"],"title":"sitewat.ch","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-5025","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-5025","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"5025","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"yaws","cpe5":"yaws","cpe6":"1.88","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T00:23:39.383Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"51276","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/51276"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://sitewat.ch/Advisory/View/4"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2011-04-03T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2012-09-25T09:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"51276","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/51276"},{"tags":["x_refsource_MISC"],"url":"https://sitewat.ch/Advisory/View/4"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2011-5025","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"51276","refsource":"BID","url":"http://www.securityfocus.com/bid/51276"},{"name":"https://sitewat.ch/Advisory/View/4","refsource":"MISC","url":"https://sitewat.ch/Advisory/View/4"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2011-5025","datePublished":"2011-12-29T11:00:00.000Z","dateReserved":"2011-12-28T00:00:00.000Z","dateUpdated":"2024-08-07T00:23:39.383Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2011-12-29 11:55:10","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yaws:yaws:1.88:*:*:*:*:*:*:*","matchCriteriaId":"482CFAEA-1426-4764-9B82-6D1A056C9295"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"5025","Ordinal":"1","Title":"CVE-2011-5025","CVE":"CVE-2011-5025","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"5025","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.","Type":"Description","Title":"CVE-2011-5025"},{"CveYear":"2011","CveId":"5025","Ordinal":"2","NoteData":"2011-12-29","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"5025","Ordinal":"3","NoteData":"2012-09-25","Type":"Other","Title":"Modified"}]}}}