Posted: Wed Dec 22, 2004 6:54 am Post subject: [ GLSA 200412-23 ] Zwiki: XSS vulnerability
Gentoo Linux Security Advisory
Title: Zwiki: XSS vulnerability (GLSA 200412-23)
Date: December 21, 2004
Updated: May 22, 2006
Zwiki is vulnerable to cross-site scripting attacks.
Zwiki is a Zope wiki-clone for easy-to-edit collaborative websites.
Vulnerable: < 0.36.2-r1
Unaffected: >= 0.36.2-r1
Architectures: All supported architectures
Due to improper input validation, Zwiki can be exploited to perform cross-site scripting attacks.
By enticing a user to read a specially-crafted wiki entry, an attacker can execute arbitrary script code running in the context of the victim's browser.
There is no known workaround at this time.
All Zwiki users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-zope/zwiki-0.36.2-r1"
Zwiki Bug Report
Last edited by GLSA on Sun Jun 14, 2009 4:16 am; edited 4 times in total
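
The affected range stated in the advisory, as an added check that is not part of the original advisory or of Gentoo's tooling: because the fix shipped as a revision bump, an installed 0.36.2 without a revision suffix is still vulnerable. The function names and sample version strings are constructed for illustration, and the parser is a simplification that accepts only dotted numeric versions with an optional -rN revision.

```python
import re

# Boundary taken from the advisory: vulnerable < 0.36.2-r1, unaffected >= 0.36.2-r1.
FIXED_VERSION = "0.36.2-r1"

# Assumption: dotted numeric version, optional Gentoo revision. Components with
# leading zeros and suffixes such as _beta or _p are rejected, not guessed at.
_VERSION_RE = re.compile(r"(\d+(?:\.(?:0|[1-9]\d*))*)(?:-r(\d+))?")


def parse_version(version):
    """Split 'X.Y.Z[-rN]' into (numeric components, revision)."""
    match = _VERSION_RE.fullmatch(version.strip())
    if match is None:
        raise ValueError(f"unsupported version string: {version!r}")
    components = tuple(int(part) for part in match.group(1).split("."))
    revision = int(match.group(2) or 0)  # a missing -rN means revision 0
    return components, revision


def is_vulnerable(installed):
    """True when the installed version sorts below the first fixed ebuild."""
    return parse_version(installed) < parse_version(FIXED_VERSION)


def audit(installed_versions):
    """Map each version string to 'VULNERABLE' or 'unaffected'."""
    return {
        version: "VULNERABLE" if is_vulnerable(version) else "unaffected"
        for version in installed_versions
    }


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    sample = ["0.35.1-r3", "0.36.2", "0.36.2-r1", "0.37.0"]
    for version, status in audit(sample).items():
        print(f"net-zope/zwiki-{version}: {status}")
```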