CVE-2007-5120
Published: 27 September 2007
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp.
Notes
Author | Note |
---|---|
jdstrand | version 2.2 (as in Ubuntu) may not be affected |
Priority
Status
Package | Release | Status |
---|---|---|
jspwiki (Launchpad, Ubuntu, Debian) | dapper | Ignored (end of life) |
jspwiki | edgy | Ignored (end of life, was needed) |
jspwiki | feisty | Ignored (end of life, was needed) |
jspwiki | gutsy | Ignored (end of life, was needed) |
jspwiki | hardy | Released (2.5.139-1) |
jspwiki | intrepid | Released (2.5.139-1) |
jspwiki | jaunty | Released (2.5.139-1) |
jspwiki | karmic | Released (2.5.139-1) |
jspwiki | upstream | Released (2.5.139) |