• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

WackoWiki Double Quoted Input HTML Injection Vulnerability

WackoWiki is reported affected by an HTML injection vulnerability. This issue is due to the affected software not properly sanitizing user-supplied input. Specifically the problem is related to how the application handles input that is enclosed in two instances of double-quote characters ("").

An attacker may leverage this issue to execute arbritrary script code in the browser of an unsuspecting user. This would occur in the security context of the site hosting the vulnerable software. This may facilitate the theft of cookie-based authentication credentials, loss of integrity, or other attacks.