VWE-2015-1636 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2015-1636
This page is a chapter in Info Known Vulnerabilities

This page has been seen 283,191 times.

- Created by
  pegasus
  on October 14, 2015
  
  Last updated by
  pegasus
  on February 16, 2017

Common Name Plagiarizer Vulnerability
VWE-ID VWE-2015-1636
Related Report None
Severity HIGH
Exploit Difficulty NORMAL
Platform Affects all platforms supported by the vulnerable versions.
Description HTML/Javascript injection via Permissions escalation.

Discovered October 12, 2015
Resolved October 14, 2015
Patches Available 4.0.6 Patch Level 3
4.0.5 Patch Level 3
4.0.4 Patch Level 3
4.0.3 Patch Level 3
4.0.2 Patch Level 6
4.0.1 Patch Level 9
4.0.0 Patch Level 8
4.0.0 RC 5 Patch Level 7
4.0.0 RC 4 Patch Level 8
Workaround Modify permissions so that no users may post HTML in comments.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	Plagiarizer Vulnerability
VWE-ID	VWE-2015-1636
Related Report	None
Severity	HIGH
Exploit Difficulty	NORMAL
Platform	Affects all platforms supported by the vulnerable versions.
Description	HTML/Javascript injection via Permissions escalation.
Discovered	October 12, 2015
Resolved	October 14, 2015
Patches Available	4.0.6 Patch Level 3 4.0.5 Patch Level 3 4.0.4 Patch Level 3 4.0.3 Patch Level 3 4.0.2 Patch Level 6 4.0.1 Patch Level 9 4.0.0 Patch Level 8 4.0.0 RC 5 Patch Level 7 4.0.0 RC 4 Patch Level 8
Workaround	Modify permissions so that no users may post HTML in comments.