CVE-2008-5323

Properties

Published:
02.12.2008
Updated:
05.12.2008
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Product:
easy-script: wysi_wiki_wyg

Vulnerability description

Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg 1.0 allows remote attackers to inject arbitrary web script or HTML via the s parameter.

References:

XF: http://xforce.iss.net/xforce/xfdb/45994
BID: http://www.securityfocus.com/bid/31836
MILW0RM: http://www.milw0rm.com/exploits/6042
SECUNIA: http://secunia.com/advisories/31061
MISC: http://packetstormsecurity.org/0810-exploits/wysiwikiwyg-lfixssdisclose.txt