PmWiki 2.0.12 Cross Site Scripting

2005-11-22 / 2005-11-23
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SA0005 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++ PmWiki 2.0.12 Cross Site Scripting +++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PUBLISHED ON Nov 22, 2005 PUBLISHED AT http://moritz-naumann.com/adv/0005/pmwiki/0005.txt http://moritz-naumann.com/adv/0005/pmwiki/0005.txt.sig PUBLISHED BY Moritz Naumann IT Consulting & Services Hamburg, Germany http://moritz-naumann.com/ SECURITY at MORITZ hyphon NAUMANN d0t COM GPG key: http://moritz-naumann.com/keys/0x277F060C.asc AFFECTED APPLICATION OR SERVICE PmWiki http://www.pmwiki.org/ AFFECTED VERSION Version 2.0 up to and including 2.0.12 BACKGROUND Everybody knows XSS. http://en.wikipedia.org/wiki/XSS http://www.cgisecurity.net/articles/xss-faq.shtml ISSUE PmWiki 2.0.12 is subject to a XSS vulnerability. The problem exists in the 'q' parameter passed to the search function. Successful exploitation may allow for impersonification through session stealing. The following URL demonstrates this issue: [pmwiki_basedir]/Site/Search?action=search&q=TRY%20ANOTHER%20SEARCH%20NO W!%20YES,%20YOU!'%20onMouseOver='alert(document.title);'%20 This issue is caused by insufficient input validation. WORKAROUND Client: Disable Javascript. Server: Prevent access to pagelist.php. SOLUTIONS Install or upgrade to the latest release, version 2.0.13. Both releases and patch files are available at http://www.pmwiki.org/pub/pmwiki/ TIMELINE Nov 05, 2005 Discovery Nov 05, 2005 Code maintainer notified Nov 09, 2005 Code maintainer replies Nov 10, 2005 Code maintainer provides fix Nov 11, 2005 CVE candidate assignment requested Nov 22, 2005 Sick of waiting for Mitre to fix their DB Nov 22, 2005 Public disclosure REFERENCES N/A ADDITIONAL CREDIT N/A LICENSE Creative Commons Attribution-ShareAlike License Germany http://creativecommons.org/licenses/by-sa/2.0/de/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDg4k6n6GkvSd/BgwRAkHNAKCTcGJKosuxhRzWh4BBSxMdhPN5hgCgh6ge 12nFL+rppdBzzKf9w3XXETc= =idBd -----END PGP SIGNATURE-----


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top