XWiki Web Application vulnerable to Cross Site Scripting


The hacker Sony discovered a cross-site scripting (XSS) vulnerability in XWiki. XWiki is a free wiki software platform written in Java with a design emphasis on extensibility. XWiki Enterprise, the enterprise wiki edition, includes WYSIWYG editing, OpenOffice-based document import/export, semantic annotations and tagging, and advanced permissions management.

The comment box and the profile page are vulnerable to XSS.


PoC:
http://www.xwiki.org/xwiki/bin/view/Blog/XWikiEnterprise14RC1Released
http://www.xwiki.org/xwiki/bin/XWiki/SonyStyles

It seems that he is targeting wiki-based web applications. In the past two weeks alone, he has found XSS vulnerabilities in a lot of websites. He found XSS vulnerabilities in TWiki and Foswiki.

source:
http://st2tea.blogspot.com/2012/02/xwiki-cross-site-scripting.html