FreeBSD : fswiki -- XSS problem in file upload form (84479a62-ca5f-11d9-b772-000c29b00e99)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

A Secunia security advisory reports :

A vulnerability has been reported in FreeStyle Wiki and FSWikiLite,
which can be exploited by malicious people to conduct script insertion
attacks.

Input passed in uploaded attachments is not properly sanitised before
being used. This can be exploited to inject arbitrary HTML and script
code, which will be executed in a user's browser session in context of
an affected site when the malicious attachment is viewed.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=81520
http://www.nessus.org/u?e7ef0323
http://www.nessus.org/u?305779f6
http://www.nessus.org/u?68b60f93

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19011 (freebsd_pkg_84479a62ca5f11d9b772000c29b00e99.nasl)

Bugtraq ID:

CVE ID: CVE-2005-1799
