Particle Wiki Multiple Script XSS

2006-06-05T07:32:00
ID OSVDB:26028
Type osvdb
Reporter luny(luny@youfucktard.com)
Modified 2006-06-05T07:32:00

Description

Vulnerability Description

Particle Wiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple unspecified variables upon submission to multiple unspecified scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Particle Wiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple unspecified variables upon submission to multiple unspecified scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

Vendor URL: http://www.particlesoft.net/ Secunia Advisory ID:20428 Related OSVDB ID: 25976 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0010.html ISS X-Force ID: 26952 ISS X-Force ID: 26907 Generic Exploit URL: http://pridels.blogspot.com/2006/06/particle-wiki-sql-inj.html Bugtraq ID: 18273