Description
Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by laurent gaffie · textwebappsphp
https://www.exploit-db.com/exploits/28954
References (7)
Core 7
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4485
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/20996
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/20988
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22793
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30167
Exploit, Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2006-11/0142.html
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2144
Scores
EPSS
0.0894
EPSS Percentile
92.6%
Details
Status
published
Products (5)
bitweaver/bitweaver
1.1
bitweaver/bitweaver
1.1.1_beta
bitweaver/bitweaver
1.2.1
bitweaver/bitweaver
1.3
bitweaver/bitweaver
1.3.1
Published
Jan 13, 2007
Tracked Since
Feb 18, 2026