[Japanese]

JVNDB-2005-000788

FreeStyleWiki command injection vulnerability

Overview

A cross-site scripting vulnerability exists in FreeStyleWiki's web management interface.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


FreeStyleWiki Project
  • FreeStyleWiki 3.5.8 and earlier

Impact

A user having FreeStyleWiki administrative privileges but with no web server administrative privileges could execute arbitrary code with privileges to execute CGI on the web server.
Solution

Vendor Information

FreeStyleWiki Project
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#42435855
Revision History

  • [2008/05/21]
      Web page published

Date Public2005/08/29
Date First Published2008/05/21
Date Last Updated2008/05/21