9 lines
No EOL
618 B
Text
9 lines
No EOL
618 B
Text
source: http://www.securityfocus.com/bid/20976/info
|
|
|
|
Speedywiki is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include an arbitrary file-upload vulnerability and a cross-site scripting vulnerability.
|
|
|
|
An attacker may leverage these issues to upload and execute arbitrary code within the context of the affected webserver and to steal cookie-based authentication credentials. Other attacks are also possible.
|
|
|
|
Versions prior to 2.2 is vulnerable to this issue.
|
|
|
|
http://www.example.com/index.php?showRevisions=[xss] |