Summary
This host is running TikiWiki and is prone to multiple cross-site scripting (XSS) vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject arbitrary HTML code in the context of the affected web application.
Impact Level: Application
Solution
Upgrade to TikiWiki version 2.4 or later.
For updates, refer to http://info.tikiwiki.org
Insight
The flaws are due to improper sanitization of user-supplied input in the pages 'tiki-orphan_pages.php', 'tiki-listpages.php', 'tiki-list_file_gallery.php' and 'tiki-galleries.php', which lets an attacker conduct XSS attacks in the context of the web application.
Affected
TikiWiki versions 2.2, 2.3 and prior.
Severity
Classification
- CVE: CVE-2009-1204
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N