-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wed 3/5/2008 4:46 PM
To: Guzdial, Mark
Subject: RE: [Swiki-bugs] SWIKI 1.5 Cross-Site Scripting

It appears to be a vuln in the Swiki software itself; from what I see, every wiki looks to be affected. The particular one I am looking at (at a client) is, say, "XXXXX", so if I go to http://host:8000/XXXXX/1 I'll have the option to create a new entry, which posts to 1.append. By inserting JavaScript into the textbox displayed, the application stores the data without escaping the JavaScript. Because of this, every time I load http://host:8000/XXXXX/1 the JavaScript is executed.

--
Brad Antoniewicz
(O) 646.728.1493
(C) 347.801.5864
(F) 212.869.6720
_______________________________________________
Pws mailing list
Pws@cc.gatech.edu
https://mailman.cc.gatech.edu/mailman/listinfo/pws
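
An added example, not part of the original message or of the Swiki code base: a small Python model of the append-then-render flow the report describes, with the stored entry emitted as-is next to the same entry HTML-escaped at output, plus a check that looks for active content in the rendered page. The `Page` class, its method names and the sample entries are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed model of the flow in the report: an "append" form stores text
# on a page, and every later view of that page renders the stored entries.
class Page:
    def __init__(self):
        self.entries = []

    def append(self, text):
        # Store the raw submission; encoding is applied when rendering.
        self.entries.append(text)

    def render_unescaped(self):
        # Behaviour described in the report: stored text is emitted as-is.
        return "".join(f"<div class='entry'>{e}</div>" for e in self.entries)

    def render_escaped(self):
        # Hardened form: HTML-encode each entry for element content.
        return "".join(
            f"<div class='entry'>{html.escape(e, quote=True)}</div>"
            for e in self.entries
        )

class ActiveContentFinder(HTMLParser):
    """Collects script elements and on* event-handler attributes."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("<script>")
        for name, _ in attrs:
            if name.startswith("on"):
                self.findings.append(f"{tag}[{name}]")

def active_content(markup):
    finder = ActiveContentFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings

def demo():
    page = Page()
    page.append("meeting notes")                  # constructed benign entry
    page.append("<script>alert(1)</script>")      # constructed test marker
    page.append("<img src=x onerror=alert(1)>")   # constructed test marker
    return active_content(page.render_unescaped()), active_content(page.render_escaped())
```

Run as a regression check, `active_content` over the escaped rendering should return an empty list for any stored entry.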