CVE-2006-2473 - Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 allows remote attackers to injec

CVE-2006-2473

Summary

Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this issue has been disputed by the vendor and a third party who is affiliated with the product. The vendor states "You cannot insert code in a wikipage or via URL parameters as they are all escaped before usage, so nothing can be compromised at other sites.

References

Vulnerable Configurations

cpe:2.3:a:openwiki:openwiki:0.78:*:*:*:*:*:*:*
cpe:2.3:a:openwiki:openwiki:0.78:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 11-04-2024 - 00:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	18013
bugtraq	20060517 OpenWiki<--v0.78 Cross-Site Scripting 20080912 Re: OpenWiki<--v0.78 Cross-Site Scripting
misc	http://www.openwiki.com/ow.asp?OpenWikiVulnerability http://www.openwiki.com/ow.asp?XssVulnerability
sreason	920
xf	openwiki-ow-xss(26517)

Last major update

11-04-2024 - 00:40

Published

19-05-2006 - 17:02

Last modified

11-04-2024 - 00:40