VWE-2009-0047 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2009-0047
This page is a chapter in Info Known Vulnerabilities

This page has been seen 254,672 times.

- Created by
  pegasus
  on April 17, 2015
  
  Last updated by
  pegasus
  on February 16, 2017

Common Name Redirect Injection Vulnerability
VWE-ID VWE-2009-0047
Related Report None
Severity HIGH
Exploit Difficulty EASY
Platform Affects all platforms supported by the vulnerable versions.
Description HTML/Javascript injection.

Discovered May 2009
Resolved May 10, 2009
Patches Available 2.3.0
Workaround Update permissions so that untrusted users cannot edit wiki pages. Alternatively, delete all redirects from the wiki and disable the REDIRECT BB-Code.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

 Tags: vaultwiki 3 

Common Name	Redirect Injection Vulnerability
VWE-ID	VWE-2009-0047
Related Report	None
Severity	HIGH
Exploit Difficulty	EASY
Platform	Affects all platforms supported by the vulnerable versions.
Description	HTML/Javascript injection.
Discovered	May 2009
Resolved	May 10, 2009
Patches Available	2.3.0
Workaround	Update permissions so that untrusted users cannot edit wiki pages. Alternatively, delete all redirects from the wiki and disable the REDIRECT BB-Code.