CVE-2007-5120
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp.
Affected products
n/a · n/a
Public PoCs found — 6
exploitdb: www.exploit-db.com/exploits/30610 (unverified)
exploitdb: www.exploit-db.com/exploits/30613 (unverified)
exploitdb: www.exploit-db.com/exploits/30609 (unverified)
exploitdb: www.exploit-db.com/exploits/30612 (unverified)
exploitdb: www.exploit-db.com/exploits/30608 (unverified)
exploitdb: www.exploit-db.com/exploits/30611 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/066096.html
http://secunia.com/advisories/26961
http://securityreason.com/securityalert/3167
https://exchange.xforce.ibmcloud.com/vulnerabilities/36766
http://www.ecyrd.com/~jalkanen/JSPWiki/2.4.104/ChangeLog
http://www.securityfocus.com/archive/1/480570/100/0/threaded
http://www.securityfocus.com/bid/25803