JSPWiki跨站脚本漏洞

漏洞信息详情

JSPWiki跨站脚本漏洞

• CNNVD编号：CNNVD-200412-183
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-1544
  
• 漏洞类型：
  
  
  跨站脚本
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  jspwiki
• 漏洞来源：
  Jeremy Bae at STG …

JSPWiki 2.1.120-cvs及之前版本中的Search.jsp存在跨站脚本(XSS)漏洞。远程攻击者可以像其他用户借助query参数来执行任意web脚本。

The vendor has released version 2.1.123 to address this issue. Please note that this release is directly from the CVS repository from the project, and may not be stable.
JSPWiki JSPWiki 2.1.120

• JSPWiki JSPWiki-latest.zip
  
  http://www.ecyrd.com/~jalkanen/JSPWiki/nightly/JSPWiki-latest.zip

JSPWiki JSPWiki 2.1.121

• JSPWiki JSPWiki-latest.zip
  
  http://www.ecyrd.com/~jalkanen/JSPWiki/nightly/JSPWiki-latest.zip

JSPWiki JSPWiki 2.1.122

• JSPWiki JSPWiki-latest.zip
  
  http://www.ecyrd.com/~jalkanen/JSPWiki/nightly/JSPWiki-latest.zip

来源: XF
名称: jspwiki-query-xss(18236)
链接:http://xforce.iss.net/xforce/xfdb/18236

来源: BID
名称: 11746
链接:http://www.securityfocus.com/bid/11746

来源: SECUNIA
名称: 13285
链接:http://secunia.com/advisories/13285/

来源: BUGTRAQ
名称: 20041124 STG Security Advisory: [SSA-20041122-11] JSPWiki XSS vulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110135663220831&w=2