Zwiki: XSS vulnerability — GLSA 200412-23

Zwiki is vulnerable to cross-site scripting attacks.

Affected Packages

net-zope/zwiki on all architectures
Affected versions < 0.36.2-r1
Unaffected versions >= 0.36.2-r1

Background

Zwiki is a Zope wiki-clone for easy-to-edit collaborative websites.

Description

Due to improper input validation, Zwiki can be exploited to perform cross-site scripting attacks.

Impact

By enticing a user to read a specially-crafted wiki entry, an attacker can execute arbitrary script code running in the context of the victim's browser.

Workaround

There is no known workaround at this time.

Resolution

All Zwiki users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-zope/zwiki-0.36.2-r1"

References

Release Date
December 21, 2004

Latest Revision
May 22, 2006: 02

Severity
low

Exploitable
remote

Bugzilla entries