Published: 2006/05/24  Last Updated: 2008/05/21

JVN#16558862
RWiki cross-site scripting vulnerability

Overview

RWiki, Wiki software written in Ruby, contains a cross-site scripting vulnerability because content is not adequately escaped before it is displayed.

Products Affected

  • RWiki/2.1.0pre1 - RWiki/2.1.0

Description

Impact

A remote attacker could upload content containing malicious code to a server running a vulnerable version of RWiki. As a result, an arbitrary script could then be executed in the user's web browser.

Solution

Vendor Status

Vendor       Status      Last Update  Vendor Notes
rwiki-devel  Vulnerable  2006/05/24

References

JPCERT/CC Addendum

Credit

Masatoshi Seki of www.druby.org reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under the Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2006-000621

Update History