swiki-xss.txt
Posted on 09 April 2008
Title: Swiki 1.5 Multiple Cross-Site Scripting Vulnerabilities Vendor URL: http://wiki.squeak.org/swiki Vendor Contacted: Yes Description: Multiple stored and reflective cross-site scripting vulnerabilities were identified in Swiki 1.5. Reflective (example): http://[host]:8000/<script>alert("XSS");</script> Stored (example): On posts to 1.append when adding new entries into the wiki, the application does not properly escape javascript code resulting in a stored cross-site scripting attack. Credit: Brad Antoniewicz brad.antoniewicz@foundstone.com
