BugTraq
STG Security Advisory: [SSA-20041209-13] UseModWiki XSS vulnerability Dec 14 2004 06:04AM
advisory stgsecurity com


STG Security Advisory: [SSA-20041209-13] UseModWiki XSS vulnerability

Revision 1.0

Date Published: 2004-12-09 (KST)

Last Update: 2004-12-09

Disclosed by SSR Team (advisory (at) stgsecurity (dot) com [email concealed])

Summary

========

UseModWiki is one of famous wiki web applications. It has a cross-site

scripting vulnerability.

Vulnerability Class

===================

Implementation Error: Input validation flaw

Details

=======

Due to an input validation flaw, the UseModWiki is vulnerable to cross-site

scripting attacks.

http://[victim]/cgi-bin/wiki.pl?<script>alert('XSSvulnerabilityexi
sts')</scr

ipt>

Impact

======

Medium: Malicious attackers can inject and execute an arbitrary script code

in a user's browser session in context of an affected site.

Workaround

==========

There is no known workaround.

Affected Products

================

UseModWiki 1.0

Vendor Status: NOT FIXED

=======================

2004-10-01 Vulnerability found.

2004-10-01 UseModWiki developer notified.

2004-10-02 UseModWiki developer confirmed.

2004-12-09 Official release.

Credits

======

Jeremy Bae at STG Security

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus