漏洞信息详情

jsPWiki跨站脚本漏洞

• CNNVD编号：CNNVD-200412-183
• 危害等级： 低危
  
• CVE编号： CVE-2004-1544
• 漏洞类型： 跨站脚本
• 发布时间： 2004-12-31
• 威胁类型： 远程
• 更新时间： 2005-10-20
• 厂        商： jspwiki
• 漏洞来源： Jeremy Bae at STG ...

漏洞简介

jsPWiki 2.1.120-cvs及之前版本中的Search.jsp存在跨站脚本(XSS)漏洞。远程攻击者可以像其他用户借助query参数来执行任意web脚本。

漏洞公告

The vendor has released version 2.1.123 to address this issue. Please note that this release is directly from the CVS repository from the project, and may not be stable. jsPWiki jsPWiki 2.1.120

• jsPWiki jsPWiki-latest.zip http://www.ecyrd.com/~jalkanen/jsPWiki/nightly/jsPWiki-latest.zip

• jsPWiki jsPWiki-latest.zip http://www.ecyrd.com/~jalkanen/jsPWiki/nightly/jsPWiki-latest.zip

• jsPWiki jsPWiki-latest.zip http://www.ecyrd.com/~jalkanen/jsPWiki/nightly/jsPWiki-latest.zip

参考网址

来源: XF 名称: jspwiki-query-xss(18236) 链接:http://xforce.iss.net/xforce/xfdb/18236 来源: BID 名称: 11746 链接:http://www.securityfocus.com/bid/11746 来源: SECUNIA 名称: 13285 链接:http://secunia.com/advisories/13285/ 来源: BUGTRAQ 名称: 20041124 STG Security Advisory: [SSA-20041122-11] jsPWiki XSS vulnerability 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110135663220831&w=2

受影响实体

• jspwiki jspwiki:2.1.122  
• jspwiki jspwiki:2.1.121  
• jspwiki jspwiki:2.1.120  

补丁

暂无