[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201005071430.09343.hanno@hboeck.de>
Date: Fri, 7 May 2010 14:30:09 +0200
From: Hanno Böck <hanno@...eck.de>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: pmwiki: persistent cross site scripting (XSS),
CVE-2010-1481
pmwiki: persistent cross site scripting (XSS), CVE-2010-1481
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1481
http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html
Description
The table feature of pmwiki is vulnerable to persistent cross site scripting
(XSS). The value of the width-parameter is not proberly escaped on output, so
one can put quotes in it. This makes it possible to use a JavaScript event
handler inside the first table field to inject code.
Example:
||width="
|| " onMouseOver=alert(1) " ||test||
The vendor has been contacted, but has not replied to my report.
Disclosure Timeline
2010-04-19: Vendor contacted
2010-05-07: Published advisory
Credits
This vulnerability was discovered by Hanno Boeck, http://www.hboeck.de, of
schokokeks.org webhosting.
--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail: hanno@...eck.de
http://schokokeks.org - professional webhosting
Download attachment "signature.asc " of type "application/pgp-signature" (199 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists