
pmwikiXSS.txt

30 Nov 2005 00:00:00 | Reported by Moritz Naumann | Type: packetstorm | Source: packetstormsecurity.com

PmWiki 2.0.12 XSS vulnerability, affects version 2.0.12, discovered in Nov 200

Code
`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
  
SA0005  
  
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
+++++ PmWiki 2.0.12 Cross Site Scripting +++++  
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
  
PUBLISHED ON  
Nov 22, 2005  
  
  
PUBLISHED AT  
http://moritz-naumann.com/adv/0005/pmwiki/0005.txt  
http://moritz-naumann.com/adv/0005/pmwiki/0005.txt.sig  
  
  
PUBLISHED BY  
Moritz Naumann IT Consulting & Services  
Hamburg, Germany  
http://moritz-naumann.com/  
  
SECURITY at MORITZ hyphon NAUMANN d0t COM  
GPG key: http://moritz-naumann.com/keys/0x277F060C.asc  
  
  
AFFECTED APPLICATION OR SERVICE  
PmWiki  
http://www.pmwiki.org/  
  
  
AFFECTED VERSION  
Version 2.0 up to and including 2.0.12  
  
  
BACKGROUND  
Everybody knows XSS.  
http://en.wikipedia.org/wiki/XSS  
http://www.cgisecurity.net/articles/xss-faq.shtml  
  
  
ISSUE  
PmWiki 2.0.12 is subject to an XSS vulnerability. The  
problem exists in the 'q' parameter passed to the search  
function. Successful exploitation may allow for  
impersonation through session stealing.  
  
The following URL demonstrates this issue:  
  
[pmwiki_basedir]/Site/Search?action=search&q=TRY%20ANOTHER%20SEARCH%20NOW!%20YES,%20YOU!'%20onMouseOver='alert(document.title);'%20  
  
This issue is caused by insufficient input validation.  
  
  
  
WORKAROUND  
Client: Disable Javascript.  
Server: Prevent access to pagelist.php.  
  
  
SOLUTIONS  
Install or upgrade to the latest release, version 2.0.13.  
Both releases and patch files are available at  
http://www.pmwiki.org/pub/pmwiki/  
  
  
TIMELINE  
Nov 05, 2005 Discovery  
Nov 05, 2005 Code maintainer notified  
Nov 09, 2005 Code maintainer replies  
Nov 10, 2005 Code maintainer provides fix  
Nov 11, 2005 CVE candidate assignment requested  
Nov 22, 2005 Sick of waiting for Mitre to fix their DB  
Nov 22, 2005 Public disclosure  
  
  
REFERENCES  
N/A  
  
  
ADDITIONAL CREDIT  
N/A  
  
  
LICENSE  
Creative Commons Attribution-ShareAlike License Germany  
http://creativecommons.org/licenses/by-sa/2.0/de/  
  
  
  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.4.2 (GNU/Linux)  
  
iD8DBQFDg4k6n6GkvSd/BgwRAkHNAKCTcGJKosuxhRzWh4BBSxMdhPN5hgCgh6ge  
12nFL+rppdBzzKf9w3XXETc=  
=idBd  
-----END PGP SIGNATURE-----  
`
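
The attribute breakout behind the demonstration URL, and the output encoding that stops it, as an added example that is not part of the advisory or of PmWiki's code. It assumes a hypothetical search form that echoes `q` into a single-quoted `value` attribute; the markup and the function names `render_field` and `can_close_attribute` are illustrative.

```php
<?php
// Added example: a hypothetical search form, not PmWiki source code.
// Constructed input: the URL-decoded 'q' value from the advisory's demonstration URL.
$q = "TRY ANOTHER SEARCH NOW! YES, YOU!' onMouseOver='alert(document.title);' ";

// Assumed markup: the form reflects q inside a single-quoted value attribute.
function render_field(string $encoded): string {
    return "<input type='text' name='q' value='" . $encoded . "' />";
}

// An encoded value that still contains a raw ' can close the attribute early,
// so whatever follows is parsed as new attributes (here an event handler).
function can_close_attribute(string $encoded): bool {
    return strpos($encoded, "'") !== false;
}

$variants = [
    // No output encoding: the behaviour the advisory describes.
    'raw'        => $q,
    // ENT_COMPAT encodes & < > " but not ', which is not enough here.
    'ENT_COMPAT' => htmlspecialchars($q, ENT_COMPAT, 'UTF-8'),
    // ENT_QUOTES also encodes ' as &#039;, so the value stays inside the attribute.
    'ENT_QUOTES' => htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
];

foreach ($variants as $label => $encoded) {
    printf("%-10s breakout=%s\n  %s\n", $label,
        can_close_attribute($encoded) ? 'yes' : 'no',
        render_field($encoded));
}
```

Passing the flags explicitly matters because the default for `htmlspecialchars()` was `ENT_COMPAT` before PHP 8.1.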
