BID:30071

FreeStyle Wiki Unspecified Cross Site Scripting Vulnerability

Info

FreeStyle Wiki Unspecified Cross Site Scripting Vulnerability

Bugtraq ID:	30071
Class:	Input Validation Error
CVE:	CVE-2008-3023
Remote:	Yes
Local:	No
Published:	Jul 03 2008 12:00AM
Updated:	May 07 2015 05:27PM
Credit:	JVN
Vulnerable:	FreeStyle Wiki Wiki 3.6.3 dev3 FreeStyle Wiki Wiki 3.6.2 FreeStyle Wiki Wiki 3.5.9 FreeStyle Wiki Wiki 3.5.8 FreeStyle Wiki Wiki 3.5.7

Not Vulnerable:

Discussion

FreeStyle Wiki Unspecified Cross Site Scripting Vulnerability

FreeStyle Wiki is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects the following:

FreeStyle Wiki 3.6.2 and prior versions
FreeStyle Wiki 3.6.3 dev3 and prior versions.

Exploit / POC

FreeStyle Wiki Unspecified Cross Site Scripting Vulnerability

Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

Solution / Fix

FreeStyle Wiki Unspecified Cross Site Scripting Vulnerability

Solution:
The vendor has released a patch. Please see the references for more information.

FreeStyle Wiki Wiki 3.5.7

FreeStyle Wiki fswiki-patch-20080703-2.zip
http://sourceforge.jp/projects/fswiki/downloads/20797/fswiki-patch-200 80703-2.zip

FreeStyle Wiki Wiki 3.5.8

FreeStyle Wiki fswiki-patch-20080703-2.zip
http://sourceforge.jp/projects/fswiki/downloads/20797/fswiki-patch-200 80703-2.zip

FreeStyle Wiki Wiki 3.5.9

FreeStyle Wiki fswiki-patch-20080703-2.zip
http://sourceforge.jp/projects/fswiki/downloads/20797/fswiki-patch-200 80703-2.zip

FreeStyle Wiki Wiki 3.6.2

FreeStyle Wiki fswiki-patch-20080703-2.zip
http://sourceforge.jp/projects/fswiki/downloads/20797/fswiki-patch-200 80703-2.zip

FreeStyle Wiki Wiki 3.6.3 dev3

FreeStyle Wiki fswiki-patch-20080703-2.zip
http://sourceforge.jp/projects/fswiki/downloads/20797/fswiki-patch-200 80703-2.zip

References

FreeStyle Wiki Unspecified Cross Site Scripting Vulnerability

References:

Freestyle Wiki Homepage (Freestyle Wiki)
JVN#77432756 (JVN)