FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fswiki -- XSS problem in file upload form

Affected packages
fswiki <= 3.5.6

Details

VuXML ID 84479a62-ca5f-11d9-b772-000c29b00e99
Discovery 2005-05-19
Entry 2005-05-29
Modified 2005-06-01

A Secunia security advisory reports:

A vulnerability has been reported in FreeStyle Wiki and FSWikiLite, which can be exploited by malicious people to conduct script insertion attacks.

Input passed in uploaded attachments is not properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious attachment is viewed.

References

CVE Name CVE-2005-1799
FreeBSD PR ports/81520
URL http://fswiki.poi.jp/wiki.cgi?page=%CD%FA%CE%F2%2F2005%2D5%2D19
URL http://jvn.jp/jp/JVN%23465742E4/index.html
URL http://secunia.com/advisories/15538