Summary
The host is running TikiWiki and is prone to multiple cross site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade TikiWiki to 8.1 or later
For updates refer to http://info.tiki.org/
Insight
Multiple flaws are due to improper validation of input appended to the URL via pages 'tiki-remind_password.php','tiki-index.php', 'tiki-login_scr.php', 'tiki-admin_system.php', 'tiki-pagehistory.php' and 'tiki-removepage.php', That allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Affected
TikiWiki Version 8.0.RC1 and prior.
References
Severity
Classification
-
CVE CVE-2011-4454, CVE-2011-4455 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Struts2/XWork Remote Command Execution Vulnerability
- Apache CouchDB Cross Site Request Forgery Vulnerability
- Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
- Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
- Apache Tomcat source.jsp malformed request information disclosure