Computer Security
[EN] securityvulns.ru

From: Brad Antoniewicz <brad.antoniewicz_(at)_foundstone.com>
Date: 08.04.2008
Subject: Swiki 1.5 Multiple Cross-Site Scripting Vulnerabilities

Title: Swiki 1.5 Multiple Cross-Site Scripting Vulnerabilities
Vendor URL: http://wiki.squeak.org/swiki
Vendor Contacted: Yes

Description:
Multiple stored and reflective cross-site scripting vulnerabilities were identified in Swiki 1.5.

Reflective (example):
http://[host]:8000/<script>alert("XSS");</script>

Stored (example):
On posts to 1.append when adding new entries into the wiki, the application does not properly escape
JavaScript code, resulting in a stored cross-site scripting attack.

Credit:
Brad Antoniewicz
brad.antoniewicz@foundstone.com
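
Added example, not part of the advisory and not Swiki's own code (Swiki is written in Squeak): a minimal Python sketch of the two output paths described above, each shown unescaped and with HTML encoding applied at output. All function names are hypothetical, and the sample input is the advisory's own example string.

```python
import html
from urllib.parse import unquote

# Constructed sample input: the example string from the advisory.
SAMPLE = '<script>alert("XSS");</script>'


def not_found_page_unsafe(raw_path):
    # Reflected case: the requested path is echoed into the page as-is.
    return "<html><body><p>Not found: " + unquote(raw_path) + "</p></body></html>"


def not_found_page(raw_path):
    # Decode the path first, then HTML-encode it at the point of output,
    # so percent-encoded markup is neutralised as well.
    shown = html.escape(unquote(raw_path), quote=True)
    return "<html><body><p>Not found: " + shown + "</p></body></html>"


def render_entries_unsafe(entries):
    # Stored case: appended entries are written into the page verbatim,
    # so every later visitor receives whatever markup was posted.
    return "<ul>" + "".join("<li>" + e + "</li>" for e in entries) + "</ul>"


def render_entries(entries):
    # Entries stay stored as posted; encoding happens on every render.
    items = "".join("<li>" + html.escape(e, quote=True) + "</li>" for e in entries)
    return "<ul>" + items + "</ul>"


def contains_script_tag(page):
    # Regression check: does the generated page carry a live <script> tag?
    return "<script" in page.lower()


if __name__ == "__main__":
    entries = ["Meeting notes", SAMPLE]  # hypothetical wiki entries
    for name, page in [
        ("reflected, unescaped", not_found_page_unsafe("/" + SAMPLE)),
        ("reflected, escaped", not_found_page("/" + SAMPLE)),
        ("stored, unescaped", render_entries_unsafe(entries)),
        ("stored, escaped", render_entries(entries)),
    ]:
        print(name, "-> script tag present:", contains_script_tag(page))
```

The `contains_script_tag` check can be reused as a regression test against any handler that renders request paths or user-submitted entries.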
