Vulnerabilities > CVE-2006-2473 - Unspecified vulnerability in Openwiki 0.78
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN openwiki
exploit available
Summary
Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this issue has been disputed by the vendor and a third party who is affiliated with the product. The vendor states "You cannot insert code in a wikipage or via URL parameters as they are all escaped before usage, so nothing can be compromised at other sites.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Open Wiki 0.78 'ow.asp' Cross-Site Scripting Vulnerability. CVE-2006-2473. Webapps exploit for asp platform |
| id | EDB-ID:27890 |
| last seen | 2016-02-03 |
| modified | 2006-05-17 |
| published | 2006-05-17 |
| reporter | LiNuX_rOOt |
| source | https://www.exploit-db.com/download/27890/ |
| title | Open Wiki 0.78 - 'ow.asp' Cross-Site Scripting Vulnerability |
References
- http://www.securityfocus.com/bid/18013
- http://securityreason.com/securityalert/920
- http://www.openwiki.com/ow.asp?XssVulnerability
- http://www.openwiki.com/ow.asp?OpenWikiVulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26517
- http://www.securityfocus.com/archive/1/496294/100/0/threaded
- http://www.securityfocus.com/archive/1/434295/100/0/threaded