Vulnerabilities > CVE-2004-2624 - Cross-Site Scripting vulnerability in Wackowiki R3/R3.5
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family | CGI abuses : XSS |
NASL id | WACKOWIKI_XSS.NASL |
description | The remote host seems to be running the WackoWiki CGI suite. Based on the version information gathered by Nessus, this instance of WackoWiki may be vulnerable to a remote authentication attack. Exploitation of this vulnerability may allow for theft of cookie-based authentication credentials and cross-site scripting attacks. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14230 |
published | 2004-08-09 |
reporter | This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/14230 |
title | WackoWiki TextSearch phrase Parameter XSS |
code |
|