Open Wiki 'ow.asp' Cross-Site Scripting Vulnerability

Bugtraq ID:	18013
Class:	Input Validation Error
CVE:	CVE-2006-2473
Remote:	Yes
Local:	No
Published:	May 17 2006 12:00AM
Updated:	Sep 15 2008 07:00PM
Credit:	LiNuX_rOOt is credited with the discovery of this vulnerability.
Vulnerable:	Open Wiki Open Wiki 0.78
Not Vulnerable:

Open Wiki 'ow.asp' Cross-Site Scripting Vulnerability

Open Wiki is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

UPDATE (September 12, 2008): Additional information suggests that this issue may not exist.

Open Wiki 0.78 is reported vulnerable. Other versions may be affected as well.

Open Wiki 'ow.asp' Cross-Site Scripting Vulnerability

This issue can be exploited through a web client.

• /data/vulnerabilities/exploits/openwiki_poc.txt

Open Wiki 'ow.asp' Cross-Site Scripting Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]

Open Wiki 'ow.asp' Cross-Site Scripting Vulnerability

References:

• Open Wiki Home page (Open Wiki)
  
• OpenWiki<--v0.78 Cross-Site Scripting ([email protected])
  
• Re: OpenWiki<--v0.78 Cross-Site Scripting ([email protected])