WikkaWiki Cross-Site Scripting And Information Disclosure Vulnerabilities
BID:23894
Info
| Bugtraq ID: | 23894 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-2552, CVE-2007-2551 |
| Remote: | Yes |
| Local: | No |
| Published: | May 09 2007 12:00AM |
| Updated: | Jul 06 2016 02:39PM |
| Credit: | The vendor credits sakura and an anonymous user for discovering these vulnerabilities. |
| Vulnerable: | WikkaWiki WikkaWiki 1.1.6.2, WikkaWiki WikkaWiki 1.1.6.1, WikkaWiki WikkaWiki 1.1.6.0 |
| Not Vulnerable: | WikkaWiki WikkaWiki 1.1.6.3 |
Discussion
WikkaWiki is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability.
An attacker may leverage these issues to access sensitive information or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
These issues affect versions prior to 1.1.6.3.
Exploit / POC
An attacker can exploit the cross-site scripting issue by enticing an unsuspecting user to follow a malicious URI. The attacker can use a browser to exploit the information-disclosure vulnerability.
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
References:
- WikkaWiki Homepage (WikkaWiki)
- WikkaWiki Release Notes (WikkaWiki)