•  
      request #11061 XSS through wiki attachment
    Infos
    #11061
    Thomas Gerbet (tgerbet)
    2018-03-05 18:19
    2018-01-31 10:38
    11388
    Details
    XSS through wiki attachment

    XSS can be injected via a wiki attachment.

    Impact

    An attacker could use this vulnerability to force a victim to execute uncontrolled code.
    CVSSv3 score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

    Exploitation

    Add a wiki attachment named xss.html with the following content: <html><body><script>alert(1)</script></body></html>

    References

    CWE 79
    OWASP Cross-site Scripting

    Doc/Wiki
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2018-02-01
    Attachments
    Empty
    References

    Follow-ups