
[GLSA-200412-23] Zwiki: XSS vulnerability

Article ID: 16034
Last updated: 27 Jan, 2009
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.

(C) 2005 Tenable Network Security, Inc.

Family: Gentoo Local Security Checks
Plugin ID: 16034
Bugtraq ID:
CVE ID:

Description:
The remote host is affected by the vulnerability described in GLSA-200412-23
(Zwiki: XSS vulnerability)


Due to improper input validation, Zwiki can be exploited to
perform cross-site scripting attacks.

Impact

By enticing a user to read a specially crafted wiki entry, an
attacker can execute arbitrary script code in the context of
the victim's browser.

Workaround

There is no known workaround at this time.

References:
http://zwiki.org/925ZwikiXSSVulnerability


Solution:
All Zwiki users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-zope/zwiki-0.36.2-r1"


Risk factor: Low