|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 981 CVE : CVE-2006-2652 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : raphael huck free fr Published : 31.05.2006
Advisory Text : Hi, I've found a vulnerability more than 2 months ago, and notified the developers, but still no answer, so I'm posting here. http://zone14.free.fr/advisories/3/ Vendor: WikiNi Vulnerable: WikiNi 0.4.2 and below Persistent Cross Site Scripting A persistent XSS vulnerability is the most dangerous kind of XSS vulnerabilities, as the data submitted by the malicious user is stored permanently on the server. It could potentially hit a large number of other users with little need for social engineering. Just edit a page and insert: ""<script>alert('XSS Vulnerable');</script>"" Restrictions The attacker needs to have the rights to edit at least one page of the wiki, but most of the time it is the case. Moreover, WikiNi 0.4.2 is used on more than 100,000 pages according to Google. --Raphaël HUCK  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |