by r0t,der4444,cembo,VietMafia

Monday, December 05, 2005

coWiki 0.3.4 XSS vuln

Vuln. discovered by: r0t
Date: 5 Dec. 2005
affected version: coWiki 0.3.4 (Boron) and prior

Product Description:
coWiki is a sophisticated but easy to use web collaboration tool that helps you and your co-workers create and organize web documents, weblogs, knowledge bases or any other document structures directly in your HTML browser. You may evolve ideas and gain a concomitant XML documentation of your brainstorming without having to concentrate on complicated structural syntaxes.
In many senses it is much like a wiki, but it additionally provides an easy way to secure and discuss its documents.

Vuln. Description:
Input passed to the "q" parameter is not properly sanitised before being returned to the user in the response page. This is a reflected cross-site scripting issue: an attacker who gets a victim to open a crafted link can execute arbitrary HTML and script code in the victim's browser session in the context of the affected site.
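The following is an added example, not code from the coWiki project or from the original advisory. It shows the pattern behind the bug with two hypothetical handlers (a page that echoes "q" raw and the same page with HTML encoding applied) and a small check that sends a marker through the parameter and classifies how it comes back, which is the test you would run against a deployed instance to confirm or rule out the vulnerability. The handler names, the marker value and the "Results for:" markup are all assumptions made for the example.

```python
import html
from urllib.parse import parse_qs, urlencode

# Constructed probe value. The angle brackets are what matter for HTML
# injection; the odd tag name avoids matching the page's own markup.
PROBE = "<xss7f3a>"


def get_q(query_string: str) -> str:
    """Return the percent-decoded value of the "q" parameter ("" if absent)."""
    return parse_qs(query_string, keep_blank_values=True).get("q", [""])[0]


def render_vulnerable(query_string: str) -> str:
    """Hypothetical vulnerable handler: q goes straight into the HTML."""
    return f"<p>Results for: {get_q(query_string)}</p>"


def render_fixed(query_string: str) -> str:
    """Hardened handler: q is HTML-encoded before it reaches the page."""
    return f"<p>Results for: {html.escape(get_q(query_string), quote=True)}</p>"


def classify_reflection(body: str, probe: str = PROBE) -> str:
    """Classify how the probe was reflected in a response body.

    'unencoded': the probe came back verbatim, so markup is injectable.
    'encoded':   only an escaped copy came back (safe in an HTML text context).
    'absent':    the parameter value was not reflected at all.
    """
    if probe in body:
        return "unencoded"
    if html.escape(probe, quote=True) in body:
        return "encoded"
    return "absent"


def check_handler(render, probe: str = PROBE) -> str:
    """Deliver the probe as a URL-encoded q parameter and classify the reply."""
    return classify_reflection(render(urlencode({"q": probe})), probe)


if __name__ == "__main__":
    for name, handler in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        print(f"{name}: {check_handler(handler)}")
```

Against a live target you would replace the render callable with an HTTP request and classify the response body the same way. Note that html.escape() is the right fix only when the value lands in HTML text or a quoted attribute; if "q" were written into a script block or an unquoted attribute, a different encoding would be needed, and a probe containing a quote character rather than angle brackets would be the appropriate test.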

Solution:
Edit the source code so that the value of the "q" parameter is HTML-encoded (htmlspecialchars() in PHP) before it is written back into the page.



Copyright (c) 2006 Pridels Sec Crew