PT-2006-3875 · Labwiki · Labwiki

Steven M. Christey

Published

2006-06-12

Updated

2018-10-18

CVE-2006-2968

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions LabWiki version 1.0

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the query parameter in the search input box of the search.php file.

Recommendations For LabWiki version 1.0, consider validating and sanitizing user input for the query parameter in the search.php file to prevent XSS attacks. As a temporary workaround, restrict access to the search functionality until a proper fix is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2968

Affected Products

Labwiki

PT-2006-3875 · Labwiki · Labwiki

CVE-2006-2968

Related Identifiers

Affected Products

References · 8