WikkaWiki Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running WikkaWiki and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to WikkaWiki 1.3.4-p1 or later, For updates refer to http://www.wikkawiki.org

Insight

Input passed via 'wakka' parameter to 'wikka.php' script is not properly sanitised before being returned to the user.

Affected

WikkaWiki 1.3.4 and probably prior.

Detection

Send a crafted data via HTTP GET request and check whether it is able to read the cookie or not.

References

http://seclists.org/bugtraq/2013/Sep/47
http://secunia.com/advisories/54790
http://www.osvdb.com/97183
https://www.htbridge.com/advisory/HTB23170

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5586

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

/cgi-bin directory browsable ?
Allaire JRun directory browsing vulnerability
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
@Mail WebMail Email Body HTML Injection Vulnerability
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability

Take action and discover your vulnerabilities