On Monday 10 May 2010 01:50:08, Tegan Dowling wrote : > On Sun, May 9, 2010 at 6:45 PM, Petko Yotov <5...@free.fr> wrote: > > Indeed, that's a way to insert potentially harmful JavaScripts in the > > page. I > > have immediately fixed it and just released version 2.2.16. > > Did that vulnerability exist in all previous versions of PmWiki?
Yes, it did. > Am I right > in thinking that it would not be a problem, in practice, in a wiki that was > 'locked down' for editing by only a trusted few -- i.e. that one must have > edit access to at least one page of the site in order to insert the > malicious code? You are right, a potential attacker needs to have edit permissions. Petko _______________________________________________ pmwiki-devel mailing list pmwiki-devel@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
