ID CVE-2006-1361 Type cve Reporter cve@mitre.org Modified 2017-07-20T01:30:00
Description
Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the username field to (1) list.rhtml or (2) show.rhtml.
This vulnerability is addressed in the following product release:
OSWiki, OSWiki, 0.3.1
{"osvdb": [{"lastseen": "2017-04-28T13:20:20", "bulletinFamily": "software", "cvelist": ["CVE-2006-1361"], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.3.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=403313\nVendor Specific News/Changelog Entry: http://svn.sourceforge.net/viewcvs.cgi/opensourcewiki/trunk/oswiki/app/views/user/list.rhtml?r1=22&r2=21&pathrev=22\nVendor Specific News/Changelog Entry: http://svn.sourceforge.net/viewcvs.cgi/opensourcewiki/trunk/oswiki/app/views/user/show.rhtml?r1=22&r2=21&pathrev=22\n[Secunia Advisory ID:19290](https://secuniaresearch.flexerasoftware.com/advisories/19290/)\nFrSIRT Advisory: ADV-2006-1035\n[CVE-2006-1361](https://vulners.com/cve/CVE-2006-1361)\nBugtraq ID: 17189\n", "modified": "2006-03-20T04:02:37", "published": "2006-03-20T04:02:37", "href": "https://vulners.com/osvdb/OSVDB:24026", "id": "OSVDB:24026", "type": "osvdb", "title": "OSWiki username Display XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}