PmWiki 2.0.12 Cross Site Scripting

2005-11-22 / 2005-11-23
Risk: Low
Local: No
Remote: Yes

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SA0005 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++ PmWiki 2.0.12 Cross Site Scripting +++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PUBLISHED ON Nov 22, 2005 PUBLISHED AT PUBLISHED BY Moritz Naumann IT Consulting & Services Hamburg, Germany SECURITY at MORITZ hyphon NAUMANN d0t COM GPG key: AFFECTED APPLICATION OR SERVICE PmWiki AFFECTED VERSION Version 2.0 up to and including 2.0.12 BACKGROUND Everybody knows XSS. ISSUE PmWiki 2.0.12 is subject to a XSS vulnerability. The problem exists in the 'q' parameter passed to the search function. Successful exploitation may allow for impersonification through session stealing. The following URL demonstrates this issue: [pmwiki_basedir]/Site/Search?action=search&q=TRY%20ANOTHER%20SEARCH%20NO W!%20YES,%20YOU!'%20onMouseOver='alert(document.title);'%20 This issue is caused by insufficient input validation. WORKAROUND Client: Disable Javascript. Server: Prevent access to pagelist.php. SOLUTIONS Install or upgrade to the latest release, version 2.0.13. Both releases and patch files are available at TIMELINE Nov 05, 2005 Discovery Nov 05, 2005 Code maintainer notified Nov 09, 2005 Code maintainer replies Nov 10, 2005 Code maintainer provides fix Nov 11, 2005 CVE candidate assignment requested Nov 22, 2005 Sick of waiting for Mitre to fix their DB Nov 22, 2005 Public disclosure REFERENCES N/A ADDITIONAL CREDIT N/A LICENSE Creative Commons Attribution-ShareAlike License Germany -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDg4k6n6GkvSd/BgwRAkHNAKCTcGJKosuxhRzWh4BBSxMdhPN5hgCgh6ge 12nFL+rppdBzzKf9w3XXETc= =idBd -----END PGP SIGNATURE-----

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024,


Back to Top