Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31659
HistoryJan 25, 2015 - 12:00 a.m.

CVE-2015-1032 Kiwix Cross-Site Scripting Vulnerability

2015-01-2500:00:00
vulners.com
28
JSON

CVE-2015-1032

A cross-site scripting vulnerability in the "Kiwix" zim file reader was
discovered by Emmanuel Engelhart on 31 October 2014, and was reported on
Sourceforge here: http://sourceforge.net/p/kiwix/bugs/763/

This vulnerability does not affect most users of the program, only those
using the "kiwix-serve" binary to allow zim files to be read over a network.

Input to the search bar was not sanitised, thus allowing arbitrary
javascript code to be sent via servers running this program.

This image shows a proof of concept:
http://sourceforge.net/p/kiwix/bugs/763/attachment/ppdhmq.png

This vulnerability was fixed by Emmanuel Engelhart on 8 January 2015
with this commit:
http://sourceforge.net/p/kiwix/kiwix/ci/d1af5f0375c6db24d4071acf4806735725fd206e

Related

cve 1
openvas 1
prion 1
ubuntucve 1
debiancve 1
securityvulns 1
cve
cve
CVE-2015-1032
2015-01-21 15:28:00
openvas
openvas
Kiwix Server 'pattern' Parameter Cross-Site Scripting Vulnerability
2015-01-28 00:00:00
prion
prion
Cross site scripting
2015-01-21 15:28:00
ubuntucve
ubuntucve
CVE-2015-1032
2015-01-21 00:00:00
debiancve
debiancve
CVE-2015-1032
2015-01-21 15:28:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2015-01-25 00:00:00
JSON
Related for SECURITYVULNS:DOC:31659
cve1openvas1prion1ubuntucve1debiancve1securityvulns1