Summary
This host is running TikiWiki and is prone to multiple cross-site scripting (XSS) vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject arbitrary HTML code in the context of the affected web application.
Impact Level: Application
Solution
Upgrade to TikiWiki version 2.4 or later.
For updates, refer to http://info.tikiwiki.org
Insight
The flaws are due to improper sanitization of user-supplied input in the pages 'tiki-orphan_pages.php', 'tiki-listpages.php', 'tiki-list_file_gallery.php' and 'tiki-galleries.php', which lets an attacker conduct XSS attacks in the context of the web application.
Affected
TikiWiki version 2.2, 2.3 and prior.
Classification
CVE: CVE-2009-1204
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N