9 matches found
JSPWiki Edit.jsp editor Parameter Traversal Local File Inclusion
The remote web server hosts JSPWiki, an open source WikiWiki engine built using standard J2EE components. The installed version of JSPWiki fails to sanitize user input to the 'editor' parameter of the 'Edit.jsp' script of directory traversal sequences before using it to include and execute an...
CVE-2008-1229
Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b...
CVE-2008-1231
Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to include and execute arbitrary local .jsp files, and obtain sensitive information, via a .. (dot dot) in the editor parameter...
CVE-2008-1231
JSPWiki Edit.jsp editor parameter traversal (CVE-2008-1231) is documented in a Nessus plugin entry (JSPWiki Editor LFI). The issue affects JSPWiki versions 2.4.104 and 2.5.139, where input to the editor parameter is not sanitized, allowing a remote attacker to perform a local file inclusion by us...
CVE-2008-1229
Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b...
CVE-2007-5120
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters i...
CVE-2007-5120
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters i...
CVE-2006-1580
Multiple cross-site scripting (XSS) vulnerabilities in Bugzero 4.3.1 and other versions allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in query.jsp and (2) entryId parameter in edit.jsp...
CVE-2006-1580
Multiple cross-site scripting (XSS) vulnerabilities in Bugzero 4.3.1 and other versions allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in query.jsp and (2) entryId parameter in edit.jsp...