
Wikepage Wiki / Blog Hybrid Engine

Tracker: Bugs

5 Wikepage Wiki v.2007-2 Cross-Site Scripting - ID: 1938445
Last Update: Comment added ( psabs )

Wikepage Wiki v.2007-2 Cross-Site Scripting

Author: Gerendi Sandor Attila
Date: April 09, 2008
Package: Wikepage Wiki
Product homepage: http://wikepage.org/
Versions Affected: v.2007-2 (Other versions may also be affected)
Severity: XSS

Input passed to "wiki" in "index.php" is not properly sanitised before
being used. This can be exploited to insert arbitrary HTML and script code,
which is executed in a user's browser session in context of an affected
site when malicious data is viewed.

Example:
http://somehost/wikepage_2007_2/index.php?wiki=test%22%20onclick=%22alert(1)%22%20%20bla=%22

Status:
1. Contacted the author on April 09, 2008 via the SourceForge tracker.


Sandor Attila Gerendi ( darkz ) - 2008-04-09 08:57

5

Closed

Fixed

Jose Carlos N Medeiros

wike

development

Public
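
The report's example closes an HTML attribute with an encoded double quote and adds an event-handler attribute after it. The following added example (not Wikepage's code and not from the report) shows that unencoded pattern beside a validated and context-encoded one. The function names, the page-name policy, the `Home` default and the assumption that the value lands in a double-quoted attribute are all hypothetical.

```php
<?php
// Added example. Function names, the page-name policy and the 'Home' default
// are assumptions; this is not Wikepage's actual code.

// Vulnerable pattern: the request value is concatenated into a double-quoted
// attribute, so a '"' in the value ends the attribute and starts a new one.
function link_unsafe($wiki): string
{
    return '<a href="index.php?wiki=' . $wiki . '">' . $wiki . '</a>';
}

// Step 1: input validation (assumed policy: 1-64 chars of A-Z a-z 0-9 _ -).
// Non-string input such as ?wiki[]=x is rejected as well.
function normalize_page_name($raw, string $default = 'Home'): string
{
    if (!is_string($raw) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $raw)) {
        return $default;
    }
    return $raw;
}

// Step 2: output encoding per context, applied even to validated values so the
// sink stays safe if the validation policy is later relaxed.
function link_safe(string $wiki): string
{
    $href = 'index.php?wiki=' . rawurlencode($wiki);              // URL component
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($wiki, ENT_QUOTES, 'UTF-8') . '</a>'; // attribute and text
}

// Constructed input: the URL-decoded "wiki" value from the report's example.
$reported = 'test" onclick="alert(1)"  bla="';

echo link_unsafe($reported), "\n";                    // attribute boundary is broken
echo link_safe($reported), "\n";                      // encoding only: quotes are inert
echo link_safe(normalize_page_name($reported)), "\n"; // validation falls back to Home
echo link_safe(normalize_page_name(['x'])), "\n";     // array input falls back to Home
```

Comparing the first two output lines shows the difference: in the first the double quote survives and the markup gains an extra attribute, in the second it is emitted as `%22` in the URL and `&quot;` in the link text.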


Comment ( 1 )

Date: 2008-09-21 01:21
Sender: psabs (Project Admin)

Bug fixed on trunk and will be released on v.2008-9


Attached File

No Files Currently Attached

Changes ( 6 )

Field              Old Value  Date              By
resolution_id      None       2008-09-21 01:20  psabs
category_id        None       2008-09-21 01:20  psabs
artifact_group_id  None       2008-09-21 01:20  psabs
assigned_to        nobody     2008-09-21 01:20  psabs
close_date         -          2008-09-21 01:20  psabs
status_id          Open       2008-09-21 01:20  psabs