Zwiki: XSS vulnerability — GLSA 200412-23

Zwiki is vulnerable to cross-site scripting attacks.

Affected packages

Package 	net-zope/zwiki on all architectures
Affected versions 	< 0.36.2-r1
Unaffected versions 	>= 0.36.2-r1

Background

Zwiki is a Zope wiki-clone for easy-to-edit collaborative websites.

Description

Due to improper input validation, Zwiki can be exploited to perform cross-site scripting attacks.

Impact

By enticing a user to read a specially-crafted wiki entry, an attacker can execute arbitrary script code running in the context of the victim's browser.

Workaround

There is no known workaround at this time.

Resolution

All Zwiki users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-zope/zwiki-0.36.2-r1"

References

    Zwiki Bug Report
    CVE-2004-1075