JVN#67001206
Multiple vulnerabilities in FreeStyleWiki including cross-site scripting
Overview
FreeStyleWiki contains cross-site scripting and cross-site request forgery vulnerabilities.
The cross-site scripting vulnerability could allow a remote attacker to create a web page containing a malicious script.
The cross-site request forgery vulnerability could allow a remote attacker to manipulate the user's operation if a FreeStyleWiki administrator views a specially crafted web page.
Products Affected
- FreeStyleWiki 3.5.9 and earlier
Description
Impact
A malicious script may be executed in the user's web browser. Furthermore, the vulnerabilities can be combined to create a new user with administrative privileges when a FreeStyleWiki administrator who is logged in with administrative privileges views a Wiki page specially crafted by a remote attacker.
Solution
References
JPCERT/CC Addendum
Credit
Tomoya Taniguchi of Chimeraworks, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
JVN iPedia | JVNDB-2005-000796