WackoWiki Unspecified Cross-Site Scripting Vulnerabilities

Bugtraq ID:	12939
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 29 2005 12:00AM
Updated:	Mar 29 2005 12:00AM
Credit:	These issues were reported by the vendor.
Vulnerable:	WackoWiki WackoWiki R4
Not Vulnerable:	WackoWiki WackoWiki R4.2

WackoWiki Unspecified Cross-Site Scripting Vulnerabilities

Multiple cross-site scripting vulnerabilities exist in WackoWiki. The vendor has released a fixed version to address these issues but has not provided any further information regarding these issues. The issues may likely be exploited to steal cookie-based authentication credentials. Other attacks may also be possible.

The vulnerabilities are reported to affect WackoWiki R4. It is not known if earlier versions are also affected.

These issues are distinct from the vulnerabilities reported in BID 11935 "WackoWiki Multiple Unspecified Cross-Site Scripting Vulnerabilities".

WackoWiki Unspecified Cross-Site Scripting Vulnerabilities

There is no exploit required.

WackoWiki Unspecified Cross-Site Scripting Vulnerabilities

Solution:
These issues have been addressed in WackoWiki R4.2.


WackoWiki WackoWiki R4

• WackoWiki WackoWiki R4.2
  http://wackowiki.com/WackoDownload/InEnglish#h4828-8

WackoWiki Unspecified Cross-Site Scripting Vulnerabilities

References:

• WackoWiki Release Notes (WackoWiki)