http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1481
http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html
http://www.pmichaud.com/pipermail/pmwiki-users/2010-May/057389.html
The table feature of pmwiki is vulnerable to persistent cross site scripting (XSS). The value of the width-parameter is not proberly escaped on output, so one can put quotes in it. This makes it possible to use a JavaScript event handler inside the first table field to inject code.
Example:
||width=" || " onMouseOver=alert(1) " ||test||
The vendor has been contacted, but has not replied to my report.
2010-04-19: Vendor contacted
2010-05-07: Published advisory
2010-05-09: Vendor releases 2.2.16
This vulnerability was discovered by Hanno Boeck, http://www.hboeck.de, of schokokeks.org webhosting.