swiki-xss.txt

2008-04-09T00:00:00
ID PACKETSTORM:65330
Type packetstorm
Reporter Brad Antoniewicz
Modified 2008-04-09T00:00:00

Description

                                        
                                            `Title: Swiki 1.5 Multiple Cross-Site Scripting Vulnerabilities   
Vendor URL: http://wiki.squeak.org/swiki Vendor Contacted: Yes  
  
Description:  
Multiple stored and reflective cross-site scripting vulnerabilities were identified in Swiki 1.5.   
  
Reflective (example):  
http://[host]:8000/<script>alert("XSS");</script>  
  
Stored (example):  
On posts to 1.append when adding new entries into the wiki, the application does not properly escape JavaScript code, resulting in a stored cross-site scripting attack.   
  
Credit:   
Brad Antoniewicz  
brad.antoniewicz@foundstone.com  
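Added example, not part of the advisory and not Swiki's own code: a small Python model of the two cases above, showing the unescaped output next to the same output HTML-encoded at render time. It assumes the requested path is echoed into the response page; the function names, page markup and in-memory entry list are hypothetical.

```python
import html
from urllib.parse import unquote

# Constructed stand-in for the wiki's page store (assumption, not Swiki's data model).
entries = []

def not_found_vulnerable(raw_path):
    """Reflected case: the decoded request path is copied into the page as-is."""
    return "<html><body><p>No page named " + unquote(raw_path) + "</p></body></html>"

def not_found_hardened(raw_path):
    """Same page, with the path HTML-encoded at the point of output."""
    safe = html.escape(unquote(raw_path), quote=True)
    return "<html><body><p>No page named " + safe + "</p></body></html>"

def append_entry(text):
    """Stored case: keep the submitted text verbatim; encode when rendering."""
    entries.append(text)

def render_vulnerable():
    """Entries written into the page without encoding."""
    return "<ul>" + "".join("<li>" + e + "</li>" for e in entries) + "</ul>"

def render_hardened():
    """Entries HTML-encoded on every render, so stored markup shows as text."""
    items = "".join("<li>" + html.escape(e, quote=True) + "</li>" for e in entries)
    return "<ul>" + items + "</ul>"

def contains_script_tag(page):
    """Demo check: did a literal <script> tag reach the output?"""
    return "<script" in page.lower()

if __name__ == "__main__":
    # Sample input is the advisory's own example path, plus a percent-encoded variant.
    for path in ('/<script>alert("XSS");</script>', "/%3Cscript%3Ealert(1)%3C/script%3E"):
        print(path)
        print("  unescaped:", contains_script_tag(not_found_vulnerable(path)))
        print("  escaped:  ", contains_script_tag(not_found_hardened(path)))
    append_entry('<script>alert("XSS");</script>')
    print("stored, unescaped:", contains_script_tag(render_vulnerable()))
    print("stored, escaped:  ", contains_script_tag(render_hardened()))
```

Encoding at output rather than on submission leaves the stored text intact, so entries saved before the fix are also rendered safely.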