blob: 7b9107d0076b6fd18ecdc4d25c64aff5e22f2c66 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200412-23">
<title>Zwiki: XSS vulnerability</title>
Zwiki is vulnerable to cross-site scripting attacks.
<product type="ebuild">zwiki</product>
<announced>December 21, 2004</announced>
<revised>May 22, 2006: 02</revised>
<package name="net-zope/zwiki" auto="yes" arch="*">
<unaffected range="ge">0.36.2-r1</unaffected>
<vulnerable range="lt">0.36.2-r1</vulnerable>
Zwiki is a Zope wiki-clone for easy-to-edit collaborative websites.
Due to improper input validation, Zwiki can be exploited to perform
cross-site scripting attacks.
<impact type="low">
By enticing a user to read a specially-crafted wiki entry, an attacker
can execute arbitrary script code running in the context of the
victim's browser.
There is no known workaround at this time.
All Zwiki users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-zope/zwiki-0.36.2-r1&quot;</code>
<uri link="">Zwiki Bug Report</uri>
<uri link="">CVE-2004-1075</uri>
<metadata tag="requester" timestamp="Tue, 21 Dec 2004 16:09:23 +0000">
<metadata tag="bugReady" timestamp="Tue, 21 Dec 2004 16:33:56 +0000">
<metadata tag="submitter" timestamp="Tue, 21 Dec 2004 21:14:05 +0000">