Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2008-6097
Last Modified 19 Aug 2009 01:23:06
Published 09 Feb 2009 12:30:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6097

Summary

Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to index.php/Special/Main/WhatLinksHere, (4) user parameter to index.php/Special/Main/UserEdits, and (5) the PATH_INFO to index.php.

Vulnerable Systems

Application

  • Wikyblog 1.2.1

  • Wikyblog 1.2.2

  • Wikyblog 1.2.3

  • Wikyblog 1.3.2

  • Wikyblog 1.4

  • Wikyblog 1.4.1

  • Wikyblog 1.4.10

  • Wikyblog 1.4.11

  • Wikyblog 1.4.12

  • Wikyblog 1.4.13

  • Wikyblog 1.4.14

  • Wikyblog 1.4.15

  • Wikyblog 1.4.2

  • Wikyblog 1.4.3

  • Wikyblog 1.4.4

  • Wikyblog 1.4.5

  • Wikyblog 1.4.6

  • Wikyblog 1.4.7

  • Wikyblog 1.4.8

  • Wikyblog 1.4.9

  • Wikyblog 1.5

  • Wikyblog 1.5.0.2

  • Wikyblog 1.5.0.3

  • Wikyblog 1.5.1

  • Wikyblog 1.5.2

  • Wikyblog 1.5.3

  • Wikyblog 1.5.4

  • Wikyblog 1.5.5

  • Wikyblog 1.5.6

  • Wikyblog 1.5.7

  • Wikyblog 1.5.7.2

  • Wikyblog 1.5.7.3

  • Wikyblog 1.5.7.4

  • Wikyblog 1.6

  • Wikyblog 1.6.1

  • Wikyblog 1.6.1.1

  • Wikyblog 1.6.1.2

  • Wikyblog 1.6.1.3

  • Wikyblog 1.6.1.4

  • Wikyblog 1.6.1.5

  • Wikyblog 1.6.1.6

  • Wikyblog 1.6.1.7

  • Wikyblog 1.6b1

  • Wikyblog 1.6b2

  • Wikyblog 1.6b3

  • Wikyblog 1.7

  • Wikyblog 1.7.0.1

  • Wikyblog 1.7.1

  • Wikyblog 1.7.1.1

  • Wikyblog 1.7.1b1

  • Wikyblog 1.7.1b2

  • Wikyblog 1.7b1

  • Wikyblog 1.7b2

  • Wikyblog 1.7b3


References

XF - wikyblog-index-xss(45603)

BID - 31525

MISC - http://www.digitrustgroup.com/advisories/web-application-security-wikyblog.html

MISC - http://sourceforge.net/project/shownotes.php?group_id=148518&release_id=647444

SECUNIA - 32087

OSVDB - 48790


Last Updated: 27 May 2016 10:49:04