GLSA Bodhisattva
Joined: 25 Feb 2003 Posts: 3829 Location: Essen, Germany
Posted: Wed Dec 22, 2004 6:54 am Post subject: [ GLSA 200412-23 ] Zwiki: XSS vulnerability
Gentoo Linux Security Advisory
Title: Zwiki: XSS vulnerability (GLSA 200412-23)
Severity: low
Exploitable: remote
Date: December 21, 2004
Updated: May 22, 2006
Bug(s): #72315
ID: 200412-23
Synopsis
Zwiki is vulnerable to cross-site scripting attacks.
Background
Zwiki is a Zope wiki-clone for easy-to-edit collaborative websites.
Affected Packages
Package: net-zope/zwiki
Vulnerable: < 0.36.2-r1
Unaffected: >= 0.36.2-r1
Architectures: All supported architectures
Description
Due to improper input validation, Zwiki can be exploited to perform cross-site scripting attacks.
Impact
By enticing a user to read a specially-crafted wiki entry, an attacker can execute arbitrary script code running in the context of the victim's browser.
Workaround
There is no known workaround at this time.
Resolution
All Zwiki users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-zope/zwiki-0.36.2-r1"
References
Zwiki Bug Report
CVE-2004-1075
Last edited by GLSA on Sun Jun 14, 2009 4:16 am; edited 4 times in total