XWiki Web Application vulnerable to Cross Site Scripting
The hacker Sony discovered a cross-site scripting (XSS) vulnerability in XWiki. XWiki is a free wiki software platform written in Java with a design emphasis on extensibility. XWiki Enterprise, the enterprise wiki edition, includes WYSIWYG editing, OpenOffice-based document import/export, semantic annotations and tagging, and advanced permissions management.

The comment box and profile page are vulnerable to XSS.
PoC:
http://www.xwiki.org/xwiki/bin/view/Blog/XWikiEnterprise14RC1Released
http://www.xwiki.org/xwiki/bin/XWiki/SonyStyles

It seems that he is targeting wiki-based web applications. In the past two weeks alone, he found XSS vulnerabilities in a lot of websites. He found XSS vulnerabilities in TWiki and Foswiki.

Source: http://st2tea.blogspot.com/2012/02/xwiki-cross-site-scripting.html