pmwiki 2.2.15 persistent cross site scripting (XSS)

2010-05-22 / 2010-05-23
Credit: Hanno Böck
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

pmwiki: persistent cross site scripting (XSS), CVE-2010-1481

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1481
http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html

Description
The table feature of pmwiki is vulnerable to persistent cross site scripting (XSS). The value of the width parameter is not properly escaped on output, so one can put quotes in it. This makes it possible to use a JavaScript event handler inside the first table field to inject code.

Example:
||width=" || " onMouseOver=alert(1) " ||test||

The vendor has been contacted, but has not replied to my report.

Disclosure Timeline
2010-04-19: Vendor contacted
2010-05-07: Published advisory

Credits
This vulnerability was discovered by Hanno Boeck, http://www.hboeck.de, of schokokeks.org webhosting.

--
Hanno Böck
Blog: http://www.hboeck.de/
GPG: 3DBD3B20
Jabber/Mail: hanno (at) hboeck (dot) de
http://schokokeks.org - professional webhosting
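An added illustration of the defect class and its fix, not pmwiki's own code: a toy Python table renderer that interpolates the width value verbatim beside a hardened version that allow-lists the value and attribute-escapes it. It assumes the width value has already been extracted from the first table field (the parsing of the `||` markup is not modelled), and uses a constructed width value adapted from the advisory's example.

```python
import html
import re
from typing import Optional

# Constructed width value adapted from the advisory's example: a quote closes
# the attribute early and an event handler follows it.
TAINTED_WIDTH = '" onMouseOver=alert(1) "'
CELLS = ["test"]

# Allow-list for an HTML/CSS length: 1-4 digits with an optional % or px suffix.
WIDTH_RE = re.compile(r"\d{1,4}(%|px)?")


def render_table_vulnerable(width: str, cells: list) -> str:
    """Model of the flaw: the width parameter is interpolated verbatim, so a
    quote in it terminates the attribute and the remainder lands in the tag."""
    tds = "".join(f"<td>{html.escape(c)}</td>" for c in cells)
    return f'<table width="{width}"><tr>{tds}</tr></table>'


def safe_width(width: str) -> Optional[str]:
    """Return the width if it is a plain length, otherwise None (drop it)."""
    return width if WIDTH_RE.fullmatch(width) else None


def escape_attr(value: str) -> str:
    """Attribute-context encoding: quotes become &quot; so they cannot close
    the surrounding attribute."""
    return html.escape(value, quote=True)


def render_table_fixed(width: str, cells: list) -> str:
    """Hardened rendering: allow-list the value, and still escape whatever is
    emitted so a quote can never terminate the attribute early."""
    tds = "".join(f"<td>{html.escape(c)}</td>" for c in cells)
    w = safe_width(width)
    attr = f' width="{escape_attr(w)}"' if w is not None else ""
    return f"<table{attr}><tr>{tds}</tr></table>"


def has_event_handler_attr(markup: str) -> bool:
    """Detection helper for output review: does the HTML carry an on*= attribute?"""
    return re.search(r"\son[a-z]+\s*=", markup, re.IGNORECASE) is not None


if __name__ == "__main__":
    bad = render_table_vulnerable(TAINTED_WIDTH, CELLS)
    good = render_table_fixed(TAINTED_WIDTH, CELLS)
    print("vulnerable:", bad, has_event_handler_attr(bad))
    print("fixed:     ", good, has_event_handler_attr(good))
```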

References:

http://www.securityfocus.com/bid/39994
http://www.securityfocus.com/archive/1/archive/1/511177/100/0/threaded
http://secunia.com/advisories/39698
http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html

