OSWiki Username HTML Injection Vulnerability
BID:17189
Info
OSWiki Username HTML Injection Vulnerability
| Bugtraq ID: | 17189 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 22 2006 12:00AM |
| Updated: | Mar 22 2006 08:09PM |
| Credit: | Reported by the vendor. |
| Vulnerable: |
OSWiki OSWiki 0.3 |
| Not Vulnerable: |
OSWiki OSWiki 0.3.1 |
Discussion
OSWiki Username HTML Injection Vulnerability
OSWiki is affected by an HTML-injection vulnerability. A victim user who views the vulnerable sections of the site would have the attacker-supplied HTML and script code executed in the security context of the affected site.
OSWiki versions prior to 0.3.1 are vulnerable.
OSWiki is affected by an HTML-injection vulnerability. A victim user who views the vulnerable sections of the site would have the attacker-supplied HTML and script code executed in the security context of the affected site.
OSWiki versions prior to 0.3.1 are vulnerable.
Exploit / POC
OSWiki Username HTML Injection Vulnerability
This issue can be exploited with a web browser.
This issue can be exploited with a web browser.
Solution / Fix
OSWiki Username HTML Injection Vulnerability
Solution:
Version 0.3.1 has been released to address this issue.
OSWiki OSWiki 0.3
Solution:
Version 0.3.1 has been released to address this issue.
OSWiki OSWiki 0.3
-
OSWiki oswiki-0.3.1.zip
http://prdownloads.sourceforge.net/opensourcewiki/oswiki-0.3.1.zip
References
OSWiki Username HTML Injection Vulnerability
References:
References:
- OSWiki 0.3.1 released (OSWiki)
- OSWiki Web Site (OSWiki)