Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #10228 XSS in the Google Maps plugin of PHPWiki
    Actions
    Infos
    #10228
    Thomas Gerbet (tgerbet)
    2017-06-12 08:54
    2017-05-16 16:24
    10493
    Details
    XSS in the Google Maps plugin of PHPWiki

    A XSS can be injected into wiki page by using the Google Maps plugin.

    Impact

    An attacker could use this vulnerability to force a victim to execute uncontrolled code.
    CVSSv3 score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

    Exploitation

    1. Create a wiki page with the following content <?plugin GoogleMaps Longitude=</script><script>alert(1)</script> Latitude=0 ?>
    2. Access the page the newly created wiki page

    References

    CWE 79
    OWASP Cross-site Scripting

    Doc/Wiki
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2017-05-17
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #10116 Tuleap Releases 9.8 Delivered 2017-05-29 12:23 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #10228

    Artifact Tracker v5

    request #10282 Remove the broken Google plugin of PHPWiki

    Git commit

    tuleap/tuleap/stable

    Remove PHPWiki Google Maps plugin e8627b15f2
    User avatar Thomas Gerbet (tgerbet) , 2017-05-16 16:42
    Referenced by request #10228

    Artifact Tracker v5

    rel #10116 9.8

    Other

    gerrit #8407
    Display settings

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2017-05-30 09:05
    Adding planned disclosure date.

    Issue has been fixed in PHPWiki by the maintainer, see revision 10007 in the PHPWiki source code repo on Sourceforge.
    User avatar
    Thomas Gerbet (tgerbet)2017-05-18 14:50
    Marc-Etienne Vargenau has acknowledged the initial contact, full vulnerability details has been transmitted.
    User avatar
    Thomas Gerbet (tgerbet)2017-05-17 15:05
    For information, the vulnerability is also present upstream. No way to report security issues is given on the Sourceforge project pages [1], I have tried to reach out directly to Marc-Etienne Vargenau which seem to be the last active maintainer. Waiting for a response.



    [1] https://sourceforge.net/projects/phpwiki/