TikiWiki URL Multilple Cross-Site Scripting Vulnerabilities Network Vulnerability

Summary

The host is running TikiWiki and is prone to multiple cross site scripting vulnerabilities.

Impact

Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade TikiWiki to 8.1 or later For updates refer to http://info.tiki.org/

Insight

Multiple flaws are due to improper validation of input appended to the URL via pages 'tiki-remind_password.php','tiki-index.php', 'tiki-login_scr.php', 'tiki-admin_system.php', 'tiki-pagehistory.php' and 'tiki-removepage.php', That allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Affected

TikiWiki Version 8.0.RC1 and prior.

References

http://packetstormsecurity.org/files/107002/sa46740.txt
http://packetstormsecurity.org/files/107082/INFOSERVE-ADV2011-01.txt
http://secunia.com/advisories/46740/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4454, CVE-2011-4455

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat DOS Device Name XSS
123 Flash Chat Multiple Security Vulnerabilities
Apache Tomcat Information Disclosure Vulnerability
Advanced Image Hosting Cross Site Scripting Vulnerability
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability

Take action and discover your vulnerabilities