Security
Security
Zwiki is vulnerable to cross-site scripting attacks.
| Package | net-zope/zwiki on all architectures |
|---|---|
| Affected versions | < 0.36.2-r1 |
| Unaffected versions | >= 0.36.2-r1 |
Zwiki is a Zope wiki-clone for easy-to-edit collaborative websites.
Due to improper input validation, Zwiki can be exploited to perform cross-site scripting attacks.
By enticing a user to read a specially-crafted wiki entry, an attacker can execute arbitrary script code running in the context of the victim's browser.
There is no known workaround at this time.
All Zwiki users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-zope/zwiki-0.36.2-r1"
Release date
December 21, 2004
Latest revision
May 22, 2006: 02
Severity
low
Exploitable
remote
Bugzilla entries