JAMWiki 'message' Parameter Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running JAMWiki and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to JAMWiki version 0.8.4 or later. For updates refer to http://jamwiki.org/wiki/en/JAMWiki

Insight

The flaw is caused by improper validation of user-supplied input to the 'message' parameter via Special:Login in error.jsp, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Affected

JAMWiki versions prior to 0.8.4

References

http://jamwiki.svn.sourceforge.net/viewvc/jamwiki/wiki/branches/0.8.x/jamwiki-war/src/main/webapp/CHANGELOG.txt?view=markup&revision=2995
http://osvdb.org/63564
http://secunia.com/advisories/39335
http://xforce.iss.net/xforce/xfdb/57630

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-5054

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Afian 'includer.php' Directory Traversal Vulnerability
Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
Apache Web Server ETag Header Information Disclosure Weakness
Adobe JRun Management Console Multiple Vulnerabilities

Take action and discover your vulnerabilities