Vendor: Wikiwig
By: Unknown
CVSS: 7.5 (HIGH)
Cross-Site Scripting and HTML-Injection
CWE: 79
Product Name: Wikiwig
Affected Version From: 05.01
Affected Version To: 05.01
Patch Exists: NO
Related CWE: CVE-2011-0001
CPE: a:wikiwig:wikiwig:5.01
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Cross-Site Scripting and HTML-Injection Vulnerabilities in Wikiwig

Wikiwig is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize and validate user input before using it in dynamically generated content. Additionally, implementing a web application firewall (WAF) can help protect against cross-site scripting and HTML-injection attacks.
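As an added illustration (not Wikiwig's own code), the two halves of that mitigation in Python: a hardened reflection of the `to_r_list` parameter beside the unescaped pattern the advisory describes, an allow-list check for a dictionary word list, and a scan over constructed access-log lines that flags markup in that parameter. The log lines, client addresses and output format are assumptions.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (Apache combined style); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Mar/2011:10:00:01 +0000] "GET /wikiwig5.01/_wk/Xinha/plugins/'
    'SpellChecker/spell-check-savedicts.php?to_r_list=%3Cscript%3Ealert(0)%3C%2fscript%3E'
    ' HTTP/1.1" 200 512',
    '203.0.113.8 - - [16/Mar/2011:10:00:05 +0000] "GET /wikiwig5.01/_wk/Xinha/plugins/'
    'SpellChecker/spell-check-savedicts.php?to_r_list=colour,organise HTTP/1.1" 200 300',
]

# A dictionary word list should only ever contain words and separators.
WORD_LIST_RE = re.compile(r"^[A-Za-z0-9' ,\-]+$")
# Anything that looks like the start of an HTML tag or comment.
TAG_RE = re.compile(r"<\s*/?\s*[A-Za-z!]")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def render_unsafe(to_r_list: str) -> str:
    """The pattern the advisory describes: raw reflection of a query parameter."""
    return "<p>Words to save: " + to_r_list + "</p>"


def render_safe(to_r_list: str) -> str:
    """Hardened form: HTML-encode the value for the element-content context."""
    return "<p>Words to save: " + html.escape(to_r_list, quote=True) + "</p>"


def is_valid_word_list(to_r_list: str) -> bool:
    """Allow-list validation: reject the value outright if it is not a plain word list."""
    return bool(WORD_LIST_RE.match(to_r_list))


def flag_requests(lines):
    """Return (client, decoded to_r_list) for spell-check-savedicts.php hits carrying markup."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group(1))
        if not parts.path.endswith("/spell-check-savedicts.php"):
            continue
        for value in parse_qs(parts.query, keep_blank_values=True).get("to_r_list", []):
            decoded = unquote(value)  # second pass catches double-encoded values
            if TAG_RE.search(decoded):
                hits.append((line.split()[0], decoded))
    return hits
```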
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/46888/info

Wikiwig is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Wikiwig 5.01 is vulnerable; other versions may also be affected.

http://www.example.com/wikiwig5.01/_wk/Xinha/plugins/SpellChecker/spell-check-savedicts.php?to_r_list=%3Cscript%3Ealert(0)%3C%2fscript%3E