#5 Wikepage Wiki v.2007-2 Cross-Site Scripting

development
closed-fixed
wike (4)
5
2008-09-21
2008-04-09
No

Wikepage Wiki v.2007-2 Cross-Site Scripting

Author: Gerendi Sandor Attila
Date: April 09, 2008
Package: Wikepage Wiki
Product homepage: http://wikepage.org/
Versions Affected: v.2007-2 (Other versions may also be affected)
Severity: XSS

Input passed to "wiki" in "index.php" is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when malicious data is viewed.

Example:
http://somehost/wikepage_2007_2/index.php?wiki=test%22%20onclick=%22alert(1)%22%20%20bla=%22

Status:
1. Contacted the author on April 09, 2008 via the SourceForge tracker.
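
Added example, not part of the original report and not Wikepage's own code: a sketch of the attribute-injection pattern the report describes next to a context-encoded version, fed the value from the report's example URL. The function names and the `<a>` markup are assumptions, since the ticket does not show the affected code in index.php.

```php
<?php
// Added illustration, not Wikepage source: function names and markup are hypothetical.

// Vulnerable pattern: the request value is concatenated into a double-quoted attribute.
function render_link_unsafe(string $wiki): string
{
    return '<a href="index.php?wiki=' . $wiki . '">' . $wiki . '</a>';
}

// Hardened pattern: URL-encode the value for the query string, then HTML-encode
// everything for the attribute and text contexts (ENT_QUOTES covers " and ').
function render_link_safe(string $wiki): string
{
    $href = 'index.php?wiki=' . rawurlencode($wiki);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($wiki, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Parse the markup with an HTML parser and return the attribute names found on the
// first <a> element (uses PHP's bundled DOM extension).
function anchor_attribute_names(string $html): array
{
    libxml_use_internal_errors(true);   // tolerate fragment and unknown-attribute warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('a')->item(0)->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

// The query-string value from the report's example URL, decoded as PHP does for $_GET.
$wiki = urldecode('test%22%20onclick=%22alert(1)%22%20%20bla=%22');

foreach (['unsafe' => 'render_link_unsafe', 'safe' => 'render_link_safe'] as $label => $fn) {
    $html = $fn($wiki);
    echo $label, ': ', $html, "\n";
    echo '  attributes on <a>: ', implode(', ', anchor_attribute_names($html)), "\n";
}
```

Comparing the attribute lists printed for the two renderings shows whether the double quote in the value stayed inside `href` or closed it and let `onclick` become an attribute of its own.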

Discussion

  • Jose Carlos N Medeiros

    • status: open --> closed
     
  • Jose Carlos N Medeiros

    • labels: --> wike
    • milestone: --> development
    • assigned_to: nobody --> psabs
    • status: closed --> closed-fixed
     
  • Jose Carlos N Medeiros

    Bug fixed on trunk and will be released on v.2008-9

     
