This report has been duplicated across several sites, some of which do not list the reported pages. The Secunia report has a list of pages that can be tested, and these are all now handled correctly.
bitweaver Multiple Cross-Site Scripting Vulnerabilities
[http://secunia.com/advisories/32014|Secunia Advisory: SA32014]

Example of exploit:
++yellow:(:exclaim:) A suitable example of what was used to test would be nice ... <script>alert('hi!');</script> is being used for test purposes.++

As the problem has been addressed within the core processing of bitweaver, it is expected that other pages will be processed in the same way.

* [http://www.bitweaver.org/articles/edit.php/<script>alert('hi!');</script>|articles/edit.php]
* [articles/list.php?<script>alert('hi!');</script>|articles/list.php]
* [blogs/list_blogs.php/<script>alert('hi!');</script>|blogs/list_blogs.php]
* [blogs/rankings.php/<script>alert('hi!');</script>|blogs/rankings.php]
* [calendar/index.php/<script>alert('hi!');</script>|calendar/index.php]
* [events/calendar.php/<script>alert('hi!');</script>|events/calendar.php]
* [events/index.php/<script>alert('hi!');</script>|events/index.php]
* [events/list_events.php/<script>alert('hi!');</script>|events/list_events.php]
* [fisheye/index.php/<script>alert('hi!');</script>|fisheye/index.php]
* [fisheye/list_galleries.php/<script>alert('hi!');</script>|fisheye/list_galleries.php]
* [liberty/list_content.php/<script>alert('hi!');</script>|liberty/list_content.php]
* [newsletters/edition.php/<script>alert('hi!');</script>|newsletters/edition.php]
* [pigeonholes/list.php/<script>alert('hi!');</script>|pigeonholes/list.php]
* [recommends/index.php/<script>alert('hi!');</script>|recommends/index.php]
* [rss/index.php/<script>alert('hi!');</script>|rss/index.php]
* [stars/index.php/<script>alert('hi!');</script>|stars/index.php]
* [users/remind_password.php/<script>alert('hi!');</script>|users/remind_password.php]
* [wiki/orphan_pages.php/<script>alert('hi!');</script>|wiki/orphan_pages.php]
* [stats/index.php/<script>alert('hi!');</script>|stats/index.php]
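A regression check for the pages listed above, as an added example that is not part of bitweaver or the Secunia report: it classifies saved response bodies by whether the test string comes back unescaped. The names `classify`, `failing_pages` and `SAMPLE` are hypothetical, and the response bodies are constructed for illustration.

```python
import html
from urllib.parse import unquote

# Test string this page says is being used for test purposes.
MARKER = "<script>alert('hi!');</script>"


def classify(body, marker=MARKER):
    """Return 'raw', 'escaped' or 'absent' for one saved response body."""
    needle = marker.lower()
    hay = body.lower()  # HTML tag names are case-insensitive
    if needle in hay:
        return "raw"  # markup reached the page unescaped
    if needle in html.unescape(hay) or needle in unquote(hay):
        return "escaped"  # reflected, but entity- or URL-encoded
    return "absent"  # request data is not echoed at all


def failing_pages(responses, marker=MARKER):
    """Pages whose saved response still carries the marker unescaped."""
    return sorted(
        page for page, body in responses.items()
        if classify(body, marker) == "raw"
    )


# Constructed response bodies keyed by page path (not captured from a real site).
SAMPLE = {
    "articles/edit.php":
        '<form action="/articles/edit.php/'
        '&lt;script&gt;alert(&#039;hi!&#039;);&lt;/script&gt;">',
    "blogs/rankings.php":
        "<a href=\"/blogs/rankings.php/"
        "%3Cscript%3Ealert('hi!')%3B%3C/script%3E\">",
    "stats/index.php": "<h1>Site statistics</h1>",
    "wiki/orphan_pages.php":
        "<FORM action=\"/wiki/orphan_pages.php/"
        "<SCRIPT>alert('hi!');</SCRIPT>\">",
}

if __name__ == "__main__":
    for page, body in sorted(SAMPLE.items()):
        print(f"{page}: {classify(body)}")
    print("needs attention:", failing_pages(SAMPLE))
```

A `raw` result means the page still needs fixing; the substring match only covers whole-marker reflection, so a page reported as `escaped` or `absent` should still be reviewed for the output context it writes into.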
Page History
Version 2: 10 Dec 2008 (08:23 UTC), Lester Caine, 81.138.11.136
Version 1: Lester Caine, 81.138.11.136