Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-1229

Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b.

Related bugs and status

CVE-2008-1229 (Candidate) is related to these bugs:

Bug #202750: Directory traversal, XSS, arbitrary code execution vulnerabilities

Summary				In	Importance	Status
	202750	Directory traversal, XSS, arbitrary code execution vulnerabilities		jspwiki (Ubuntu)	High	Fix Released
	202750	Directory traversal, XSS, arbitrary code execution vulnerabilities		jspwiki (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 27785
SECUNIA: 28969
BUGTRAQ: 20080213 JSPWiki Multi...
MISC: http://www.bugsec.com/...
XF: jspwiki-edit-xss(40507)
EXPLOIT-DB: 5112