Full Disclosure mailing list archives
STG Security Advisory: [SSA-20041209-13] UseModWiki XSS vulnerability
From: "SSR Team" <advisory () stgsecurity com>
Date: Tue, 14 Dec 2004 11:46:25 +0900
STG Security Advisory: [SSA-20041209-13] UseModWiki XSS vulnerability

Revision 1.0
Date Published: 2004-12-09 (KST)
Last Update: 2004-12-09
Disclosed by SSR Team (advisory () stgsecurity com)

Summary
========
UseModWiki is one of the famous wiki web applications. It has a cross-site scripting vulnerability.

Vulnerability Class
===================
Implementation Error: Input validation flaw

Details
=======
Due to an input validation flaw, UseModWiki is vulnerable to cross-site scripting attacks.

http://[victim]/cgi-bin/wiki.pl?<script>alert('XSSvulnerabilityexists')</script>

Impact
======
Medium: Malicious attackers can inject and execute arbitrary script code in a user's browser session in the context of an affected site.

Workaround
==========
There is no known workaround.

Affected Products
================
UseModWiki 1.0

Vendor Status: NOT FIXED
=======================
2004-10-01 Vulnerability found.
2004-10-01 UseModWiki developer notified.
2004-10-02 UseModWiki developer confirmed.
2004-12-09 Official release.

Credits
======
Jeremy Bae at STG Security
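A detection sketch for the request pattern shown in the advisory, added here as an example; it is not part of the original advisory or of UseModWiki. It scans web server access logs for requests to wiki.pl whose decoded query string carries HTML markup. The Common Log Format input, the constructed sample lines, the function names, and the rule that a legitimate wiki query never contains `<`, `>` or `"` are assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Request line inside a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a page name or action parameter never needs these characters.
MARKUP_RE = re.compile(r'[<>"]')

# Constructed sample log (documentation IP ranges), not taken from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Dec/2004:11:50:01 +0900] "GET /cgi-bin/wiki.pl?RecentChanges HTTP/1.1" 200 5120
192.0.2.11 - - [14/Dec/2004:11:50:07 +0900] "GET /cgi-bin/wiki.pl?action=edit&id=SandBox HTTP/1.1" 200 2048
198.51.100.7 - - [14/Dec/2004:11:51:30 +0900] "GET /cgi-bin/wiki.pl?%3Cscript%3Ealert('XSSvulnerabilityexists')%3C/script%3E HTTP/1.1" 200 4096
198.51.100.7 - - [14/Dec/2004:11:51:42 +0900] "GET /cgi-bin/wiki.pl?%253Cscript%253Ealert('XSSvulnerabilityexists')%253C/script%253E HTTP/1.1" 200 4096
""".splitlines()


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_query(log_line, script_name="wiki.pl"):
    """Return the decoded query string if the request targets the wiki CGI
    and its query carries HTML markup characters; otherwise return None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.endswith("/" + script_name):
        return None
    query = fully_decode(target.query)
    return query if MARKUP_RE.search(query) else None


def scan(lines):
    """Return (line_number, decoded_query) for every flagged log line."""
    return [(n, q) for n, line in enumerate(lines, 1)
            if (q := suspicious_query(line)) is not None]


if __name__ == "__main__":
    for line_no, query in scan(SAMPLE_LOG):
        print(f"line {line_no}: markup in wiki.pl query: {query!r}")
```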