CVE-2011-5267
Published 2013-11-05
Priority P421 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.87% (76.7th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in spell-check-savedicts.php in the SpellChecker module in Xinha, as used in WikiWig 5.01 and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) to_p_dict or (2) to_r_list parameter. NOTE: this issue might be related to the htmlarea plugin and CVE-2013-5670.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wikiwig_project | wikiwig | — | — |
No detection rules found.
Exploit-DB
WikiWig 5.01 - Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2011-03-16
---
Source: http://packetstormsecurity.org/files/view/99363/wikiwig501-xss.txt
Software................WikiWig 5.01
Vulnerability...........Persistent/Reflected Cross-site Scripting
Threat Level............Moderate (2/5)
Download................http://wikiwig.sourceforge.net/
Disclosure Date.........3/10/2011
Tested On...............Windows Vista + XAMPP
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch
--Description--
A persistent/reflected cross-site scripting vulnerability in WikiWig
5.01 can be exploited to execute arbitrary JavaScript.
--PoC--
Reflected:
http://localhost/wikiwig5.01/_wk/Xinha/plugins/SpellChecker/spell-check-savedicts.php?t
Exploit-DB
Xinha 0.96 - 'spell-check-savedicts.php' Multiple HTML Injection Vulnerabilities
exploitdb·2011-03-10
---
source: https://www.securityfocus.com/bid/46825/info
Xinha is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
Xinha 0.96.1 is vulnerable; prior versions may also be affected. Note that applications that use vulnerable versions of Xinha may also be affected.
http://www.example.com/wikiwig5.01/_wk/Xinha/plugins/SpellChecker/spell-check-savedicts.php?to_r_list=%3Cscript%3Ealert(0)%3C%2fs
Bugzilla
CVE-2011-5267 xinha: multiple cross-site scripting vulnerabilities [epel-5]
bugzilla·2013-11-05·CVSS 4.3
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
epel-5 tracking bug for
Bugzilla
CVE-2011-5267 xinha: multiple cross-site scripting vulnerabilities
bugzilla·2013-11-05·CVSS 4.3
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-5267 to
the following vulnerability:
Name: CVE-2011-5267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5267
Assigned: 20131105
Reference: EXPLOIT-DB:16988
Reference: http://www.exploit-db.com/exploits/16988
Reference: http://www.openwall.com/lists/oss-security/2013/09/01/1
Reference: http://www.openwall.com/lists/oss-security/2013/09/01/3
Reference: http://www.autosectools.com/Advisories/WikiWig.5.01_Persistent-Reflected.Cross-site.Scripting_139.html
Reference: OSVDB:71070
Reference: http://www.osvdb.org/71070
Multiple cross-site scripting (XSS) vulnerabilities in
spell-check-savedicts.php in the SpellChecker module in Xinha, as used
in Wi
http://www.autosectools.com/Advisories/WikiWig.5.01_Persistent-Reflected.Cross-site.Scripting_139.html
http://www.exploit-db.com/exploits/16988
http://www.openwall.com/lists/oss-security/2013/09/01/1
http://www.openwall.com/lists/oss-security/2013/09/01/3
http://www.osvdb.org/71070
Published: 2013-11-05