[Japanese]

JVNDB-2005-000796

Multiple vulnerabilities in FreeStyleWiki including cross-site scripting

Overview

FreeStyleWiki contains a cross-site scripting and a cross-site request forgery vulnerabilities.

The cross-site scripting vulnerability could allow a remote attacker to create a web page containing a malicious script.
The cross-site request forgery vulnerability could allow a remote attacker to manipulate the user's operation if a FreeStyleWiki administrator views a specially crafted web page.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


FreeStyleWiki Project
  • FreeStyleWiki 3.5.9 and earlier

Impact

A malicious script may be executed on the user's web browser. Furthermore, a combination of the vulnerabilities can be exploited to create a new user with administrative privileges when a FreeStyleWiki administrator logs into it with administrative privileges and views a Wiki page which is specially crafted by a remote attacker.
Solution

Vendor Information

FreeStyleWiki Project
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#67001206
Revision History

  • [2008/05/21]
      Web page published