• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

JSPWiki Multiple Input Validation Vulnerabilities

Attackers may exploit these issues through a browser. To exploit a cross-site scripting issue, an attacker must entice an unsuspecting victim into following a malicious URI.

The following URIs demonstrate the cross-site scripting issues:

http://www.example.com/wiki/NewGroup.jsp?group=[XSS]
http://www.example.com/wiki/Edit.jsp?page=Main&action=save&edittime=1186698299838&addr=127.0.0.1&_editedtext=[XSS]&changenote=[XSS]&ok=Save
http://www.example.com/wiki/Comment.jsp?page=Main&action=save&edittime=1186698386737&addr=127.0.0.1&_editedtext=[XSS]&author=AnonymousCoward&link=&ok=Save
http://www.example.com/wiki/UserPreferences.jsp?tab=profile&loginname=[XSS]&password=test&password2=test&wikiname=[XSS]&fullname=[XSS]&email=[XSS]&ok=Save+profile&action=saveProfile
http://www.example.com/wiki/Login.jsp?tab=profile&loginname=[XSS]&password=Test&password2=Test&wikiname=[XSS]&fullname=[XSS]&email=[XSS]&ok=Save+profile&action=saveProfile
http://www.example.com/wiki/Diff.jsp?page=Administrator&r1=[XSS]&r2=[XSS]