Summary
This host is running JAMWiki and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to JAMWiki version 1.1.6 or later,
For updates refer to http://jamwiki.org/wiki/en/JAMWiki
Insight
The flaw is due to an improper validation of user-supplied input to the 'num' parameter in Special:AllPages, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Affected
JAMWiki versions prior to 1.1.6
References
Severity
Classification
-
CVE CVE-2012-1983 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- 12Planet Chat Server one2planet.infolet.InfoServlet XSS
- 7Media Web Solutions EduTrac Directory Traversal Vulnerability
- Apache Archiva Home Page Cross-Site Scripting vulnerability
- AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities