The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name Section Injection Vulnerability VWE-ID VWE-2009-0034 Related Report None Severity HIGH Exploit Difficulty EASY Platform Affects all platforms supported by the vulnerable versions. Description HTML/Javascript injection. A specially crafted H tag, containing other BB-Code as the section title that resolves to HTML containing attributes, can be stripped in such a way that the HTML tag contents are used within the section's anchor, including raw double-quote characters. When the raw quote is encountered by the browser, the anchor name may be escaped, allowing a malicious user to inject Javascript handlers on the anchor.
Beginning in 2.0.1, the anchor name additionally appears in a Javascript onclick handler in the page's table of contents. An anchor name containing a single-quote breaks out of the handler's function call, allowing for arbitrary Javascript to be appended.
Discovered January 2009 Resolved January 31, 2009 Patches Available 2.2.0 Workaround Update permissions so that untrusted users cannot edit any wiki pages.
This site uses cookies to help personalize content, to tailor your experience, and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
By continuing to use this site, you are consenting to our use of cookies.