CVE-2004-1075

Name of the Vulnerable Software and Affected Versions: Zwiki versions 0.10.0rc1 through 0.36.2

Description: A cross-site scripting issue exists due to improper cleansing of a malformed URL when generating an error message in the standard error message.dtml file. This allows remote attackers to inject arbitrary HTML and web script.

Recommendations: For Zwiki versions 0.10.0rc1 through 0.36.2, update to a version that properly sanitizes URLs to prevent the injection of malicious scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.