Hiki Search Results XSS

2004-07-12T02:06:38
ID OSVDB:19333
Type osvdb
Reporter OSVDB
Modified 2004-07-12T02:06:38

Description

Vulnerability Description

Hiki contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the search results upon submission to unspecified scripts. This could allow an attacker to create a specially crafted URL that, when visited, executes arbitrary script in the victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 0.6.5, 0.7.0-devel-20040626 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
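As an added illustration (not Hiki's own code), the shape of the flaw the advisory describes and the fix that closes it: a minimal Ruby search handler that echoes the query and matching page names into HTML, first unescaped, then with every untrusted value HTML-escaped at output time. The page index, the search function and the render functions are hypothetical.

```ruby
# Added example, not Hiki's code: reflected XSS in search results and its fix.
require 'cgi'

# Constructed sample page index standing in for the wiki's page store.
PAGES = {
  'FrontPage' => 'Welcome to the wiki',
  'Install'   => 'How to install Hiki as a CGI script',
}.freeze

# Hypothetical search: substring match on page name or body, returns names.
def search(query)
  PAGES.select { |name, body| name.include?(query) || body.include?(query) }.keys
end

# Vulnerable shape: the raw query and page names are interpolated into HTML,
# so any markup in the query string is reflected to the browser as-is.
def render_results_unsafe(query)
  hits = search(query)
  "<p>Search results for #{query} (#{hits.size})</p><ul>" +
    hits.map { |n| "<li><a href=\"?#{n}\">#{n}</a></li>" }.join + '</ul>'
end

# Hardened: escape every untrusted value for the context it lands in
# (HTML body via CGI.escapeHTML, URL query component via CGI.escape).
def render_results_safe(query)
  hits = search(query)
  safe_query = CGI.escapeHTML(query)
  items = hits.map do |n|
    "<li><a href=\"?#{CGI.escape(n)}\">#{CGI.escapeHTML(n)}</a></li>"
  end
  "<p>Search results for #{safe_query} (#{hits.size})</p><ul>#{items.join}</ul>"
end

if __FILE__ == $PROGRAM_NAME
  puts render_results_safe('Hiki')
end
```
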

References:

Vendor URL: http://hikiwiki.org/
Vendor Specific Advisory URL
Related OSVDB IDs: 19332, 19334, 19335, 19336, 19337, 19338, 19339, 19340, 19341