pmwiki: persistent cross site scripting (XSS), CVE-2010-1481

2010-05-11T00:00:00
ID SECURITYVULNS:DOC:23773
Type securityvulns
Reporter Securityvulns
Modified 2010-05-11T00:00:00

Description

pmwiki: persistent cross site scripting (XSS), CVE-2010-1481

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1481 http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html

Description

The table feature of pmwiki is vulnerable to persistent cross site scripting (XSS). The value of the width-parameter is not proberly escaped on output, so one can put quotes in it. This makes it possible to use a JavaScript event handler inside the first table field to inject code.

Example:

||width=" || " onMouseOver=alert(1) " ||test||

The vendor has been contacted, but has not replied to my report.

Disclosure Timeline

2010-04-19: Vendor contacted 2010-05-07: Published advisory

Credits

This vulnerability was discovered by Hanno Boeck, http://www.hboeck.de, of schokokeks.org webhosting.

-- Hanno Bock Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno@hboeck.de

http://schokokeks.org - professional webhosting