Published:2005/05/19 Last Updated:2008/05/21
JVN#465742E4
Wiki clone cross-site scripting vulnerability
Overview
Some Wiki clones contain a vulnerability which could lead to cross-site scripting in their file attachment function. This could allow an attacker to execute an arbitrary script on the browser of a Wiki user.
Products Affected
- Wiki clones having a file-attachment function
Description
Impact
An arbitrary script may be executed on the browser of the user who viewed an attached file.
Solution
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| TANIGUCHI Takaki | Vulnerable | 2005/05/20 | |
| FreeStyle Wiki Project | Vulnerable | 2005/05/19 | |
| Hiki development team | Vulnerable | 2005/05/20 | |
| PukiWiki Developers Team | Vulnerable | 2005/10/13 | |
| IWATSUKI Hiroyuki | Vulnerable | 2005/05/19 |
References
JPCERT/CC Addendum
Credit
Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports |
JPCERT-WR-2005-2001 JPCERT/CC REPORT 2005-05-25 |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2005-000771 |