Foswiki Multiple HTML Injection Vulnerabilities
BID:51841
Info
Foswiki Multiple HTML Injection Vulnerabilities
| Bugtraq ID: | 51841 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 03 2012 12:00AM |
| Updated: | Feb 09 2012 12:10PM |
| Credit: | Sony |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Foswiki Multiple HTML Injection Vulnerabilities
Foswiki is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Foswiki versions prior to 1.1.5 are affected.
Foswiki is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Foswiki versions prior to 1.1.5 are affected.
Exploit / POC
Foswiki Multiple HTML Injection Vulnerabilities
An attacker can exploit these issues through a browser.
An attacker can exploit these issues through a browser.
Solution / Fix
Foswiki Multiple HTML Injection Vulnerabilities
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Foswiki Multiple HTML Injection Vulnerabilities
References:
References: