[Japanese]

JVNDB-2005-000771

Wiki clone cross-site scripting vulnerability

Overview

Some Wiki clones contain a vulnerability which could lead to cross-site scripting in their file attachment function. This could allow an attacker to execute an arbitrary script on the browser of a Wiki user.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


AsWiki
  • AsWiki (attach plugin)
FreeStyleWiki Project
  • FreeStyleWiki 3.5.7 and ealier
  • FSWikiLite 0.0.10 and ealier
Hiki Development Team
  • Hiki 0.6.5 and ealier
PukiWiki Developers Team.
  • PukiWiki 1.3.x, 1.4.x
Wiki Modoki
  • Wiki modoki 20050205

Impact

An arbitrary script may be executed on the browser of the user who viewed an attached file.
Solution

Vendor Information

AsWiki FreeStyleWiki Project Hiki Development Team PukiWiki Developers Team. Wiki Modoki
  • Wiki Modoki Security Information : 2005-05-19 (Japanese)
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#465742E4
Revision History

  • [2008/05/21]
      Web page published

Date Public2005/05/19
Date First Published2008/05/21
Date Last Updated2008/05/21