Published: 05/11/2013 Updated: 07/11/2013

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in spell-check-savedicts.php in the SpellChecker module in Xinha, as used in WikiWig 5.01 and possibly other products, allow remote malicious users to inject arbitrary web script or HTML via the (1) to_p_dict or (2) to_r_list parameter. NOTE: this issue might be related to the htmlarea plugin and CVE-2013-5670.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wikiwig project wikiwig 5.0.1

source: wwwsecurityfocuscom/bid/46825/info Xinha is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and ...

Source: packetstormsecurityorg/files/view/99363/wikiwig501-xsstxt ------------------------------------------------------------------------ SoftwareWikiWig 501 VulnerabilityPersistent/Reflected Cross-site Scripting Threat LevelModerate (2/5) Downloadwikiwigsourceforgenet/ Dis ...

CWE-79 http://www.osvdb.org/71070 http://www.autosectools.com/Advisories/WikiWig.5.01_Persistent-Reflected.Cross-site.Scripting_139.html http://www.openwall.com/lists/oss-security/2013/09/01/1 http://www.exploit-db.com/exploits/16988 http://www.openwall.com/lists/oss-security/2013/09/01/3 https://nvd.nist.gov https://www.exploit-db.com/exploits/35436/

CVE-2011-5267

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect