Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
WikiNi Multiple Cross Site Scripting Vulnerabilities
Oct 23 2006 07:26PM
raphael huck free fr
Hi, I've found 2 XSS vulns in WikiNi. The programmers have been contacted and the vulns addressed in version 0.4.4.
The name parameter of page wakka.php is not properly sanitized:
<form method="POST" enctype="application/x-www-form-urlencoded" action="http://www.example.com/wakka.ph...
[ more ]
Copyright 2010, SecurityFocus