Intrusion Prevention

PmWiki.Search.XSS

Description

A cross-site scripting (XSS) vulnerability in the Search module, in PmWiki up to 2.0.12, allows remote attackers to inject arbitrary web script or HTML via the q parameter.

Affected Products

PmWiki version 2.0 through 2.0.12

Impact

Arbitrary web script or HTML execution.

Recommended Actions

Upgrade to PmWiki version 2.0.13 :
http://www.pmwiki.org/pub/pmwiki/

CVE References

CVE-2005-3849