Title: Swiki 1.5 Multiple Cross-Site Scripting Vulnerabilities Vendor URL: http://wiki.squeak.org/swiki Vendor Contacted: Yes Description: Multiple stored and reflective cross-site scripting vulnerabilities were identified in Swiki 1.5. Reflective (example): http://[host]:8000/ Stored (example): On posts to 1.append when adding new entries into the wiki, the application does not properly escape javascript code resulting in a stored cross-site scripting attack. Credit: Brad Antoniewicz brad.antoniewicz@foundstone.com