[pmwiki-devel] Real vulnerability?

Tegan Dowling tmdowling at gmail.com
Sun May 9 18:50:08 CDT 2010


 On Sun, May 9, 2010 at 6:45 PM, Petko Yotov <5ko at free.fr> wrote:

> On Sunday 09 May 2010 23:33:20, kirpi at kirpi.it wrote :
> > Just found: http://twitter.com/mushy99/statuses/13634155996
> > Is it of any interest?
> >
>
> Indeed, that's a way to insert potentially harmful JavaScripts in the page.
> I have immediately fixed it and just released version 2.2.16.
>

Did that vulnerability exist in all previous versions of PmWiki? Am I right
in thinking that it would not be a problem, in practice, in a wiki that was
'locked down' for editing by only a trusted few -- i.e. that one must have
edit access to at least one page of the site in order to insert the
malicious code?

Thanks, as always, for everything you do!

Tegan