CVE-2006-7050

Properties

Published:
22.02.2007
Updated:
27.02.2007
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Product:
WikkaWiki: WikkaWiki

Vulnerability description

Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php.

References:

http://wikkawiki.org/WikkaReleaseNotes: http://wikkawiki.org/WikkaReleaseNotes
http://wush.net/trac/wikka/changeset/47: http://wush.net/trac/wikka/changeset/47
http://wush.net/trac/wikka/ticket/142: http://wush.net/trac/wikka/ticket/142
BID: http://www.securityfocus.com/bid/18481
FRSIRT: http://www.frsirt.com/english/advisories/2006/2381
SECUNIA: http://secunia.com/advisories/20628
XF: http://xforce.iss.net/xforce/xfdb/27227