From: Hanno Böck (hannohboeck.de)
Date: Fri May 07 2010 - 07:30:09 CDT
pmwiki: persistent cross site scripting (XSS), CVE-2010-1481
The table feature of pmwiki is vulnerable to persistent cross site scripting
(XSS). The value of the width-parameter is not properly escaped on output, so
handler inside the first table field to inject code.
|| " onMouseOver=alert(1) " ||test||
The vendor has been contacted, but has not replied to my report.
2010-04-19: Vendor contacted
2010-05-07: Published advisory
This vulnerability was discovered by Hanno Boeck, http://www.hboeck.de, of
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail: hannohboeck.de
http://schokokeks.org - professional webhosting
Full-Disclosure - We believe in it.
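The flaw class described in the advisory above, as an added example that is not part of the original message and is not pmwiki's own code: a simplified Python cell renderer, assuming the first field of a row supplies the cell's width value (parse_row, render_unsafe, render_safe and attr_names are hypothetical names). It renders the advisory's proof-of-concept line with and without validation and escaping, then parses the output to list the attributes that actually ended up on the tag.

```python
import html
import re
from html.parser import HTMLParser

# Constructed input: the proof-of-concept line quoted in the advisory.
POC_LINE = '|| " onMouseOver=alert(1) " ||test||'

# Assumed policy: a width is digits with an optional unit, nothing else.
WIDTH_RE = re.compile(r'^\d{1,4}(%|px|em)?$')


def parse_row(line):
    """Split '||a||b||' markup into raw field strings (simplified model)."""
    return line.strip().split('||')[1:-1]


def render_unsafe(width, text):
    """Vulnerable pattern: user input concatenated into an attribute."""
    return '<td width="' + width + '">' + text + '</td>'


def render_safe(width, text):
    """Hardened: allow-list the width, HTML-escape every emitted value."""
    width = width.strip()
    attr = ''
    if WIDTH_RE.match(width):
        attr = ' width="' + html.escape(width, quote=True) + '"'
    return '<td' + attr + '>' + html.escape(text, quote=True) + '</td>'


class _AttrCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names += [name for name, _ in attrs]


def attr_names(fragment):
    """Return the attribute names an HTML parser sees in the fragment."""
    collector = _AttrCollector()
    collector.feed(fragment)
    collector.close()
    return collector.names


if __name__ == '__main__':
    width, text = parse_row(POC_LINE)
    print(attr_names(render_unsafe(width, text)))  # event handler present
    print(render_safe(width, text))                # invalid width dropped
```

Running attr_names over rendered output in a regression test catches the case where a quote in user input closes the attribute and adds new ones.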