Vulnerabilities > CVE-2005-4644 - HTML Injection vulnerability in Edgewall Software Trac 0.9.2

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
edgewall-software
nessus
NVD
Published: 2005-12-31
Updated: 2017-07-20

Summary

Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.

Vulnerable Configurations

Part Description Count
Application
Edgewall_Software
1

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-951.NASL
descriptionThis update corrects the search feature in trac, an enhanced wiki and issue tracking system for software development projects, which broke with the last security update. For completeness please find below the original advisory text : Several vulnerabilities have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4065 Due to missing input sanitising it is possible to inject arbitrary SQL code into the SQL statements. - CVE-2005-4644 A cross-site scripting vulnerability has been discovered that allows remote attackers to inject arbitrary web script or HTML.
last seen2020-06-01
modified2020-06-02
plugin id22817
published2006-10-14
reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/22817
titleDebian DSA-951-2 : trac - missing input sanitising
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-951. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(22817);
  script_version("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:20");

  script_cve_id("CVE-2005-4065", "CVE-2005-4644");
  script_bugtraq_id(15720, 16198);
  script_xref(name:"DSA", value:"951");

  script_name(english:"Debian DSA-951-2 : trac - missing input sanitising");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update corrects the search feature in trac, an enhanced wiki and
issue tracking system for software development projects, which broke
with the last security update. For completeness please find below the
original advisory text :

  Several vulnerabilities have been discovered in trac, an enhanced
  wiki and issue tracking system for software development projects.
  The Common Vulnerabilities and Exposures project identifies the
  following problems :

    - CVE-2005-4065
      Due to missing input sanitising it is possible to
      inject arbitrary SQL code into the SQL statements.

    - CVE-2005-4644
      A cross-site scripting vulnerability has been
      discovered that allows remote attackers to inject
      arbitrary web script or HTML."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348791"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-4065"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2005-4644"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-951"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the trac package.

The old stable distribution (woody) does not contain trac packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.8.1-3sarge4."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:trac");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.1", prefix:"trac", reference:"0.8.1-3sarge4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

References