ID: CVE-2005-2336
Type: cve
Reporter: NVD
Modified: 2008-11-11T00:51:41
Description
Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2336", "history": [], "references": ["http://jvn.jp/en/jp/JVN38138980/index.html", "http://hikiwiki.org/en/advisory20050804.html", "http://www.securityfocus.com/bid/15021"], "lastseen": "2016-09-03T05:38:17", "bulletinFamily": "NVD", "title": "CVE-2005-2336", "cpe": ["cpe:/a:hiki:hiki:0.8.1", "cpe:/a:hiki:hiki:0.8.2", "cpe:/a:hiki:hiki:0.8.0"], "viewCount": 0, "id": "CVE-2005-2336", "hash": "4e19b169e5d5e0d0ccd77880a9f97dfc4ba2265c9e5be018fbd9251f9412c895", "description": "Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via \"missing pages\" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2005-2336"], "scanner": [], "modified": "2008-11-11T00:51:41", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2005-09-06T17:03:00", "enchantments": {"vulnersScore": 4.3}}
{"result": {"osvdb": [{"id": "OSVDB:19345", "type": "osvdb", "title": "Hiki missing pages Page Name XSS", "description": "## Vulnerability Description\nHiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate a page name when a user accesses missing pages. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 0.8.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nHiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate a page name when a user accesses missing pages. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://hikiwiki.org/\n[Vendor Specific Advisory URL](http://hikiwiki.org/en/advisory20050804.html)\n[Secunia Advisory ID:17075](https://secuniaresearch.flexerasoftware.com/advisories/17075/)\nOther Advisory URL: http://jvn.jp/jp/JVN%2338138980\n[CVE-2005-2336](https://vulners.com/cve/CVE-2005-2336)\n", "published": "2005-08-04T22:17:55", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:19345", "cvelist": ["CVE-2005-2336"], "lastseen": "2017-04-28T13:20:15"}], "jvn": [{"id": "JVN:38138980", "type": "jvn", "title": "JVN#38138980 Hiki cross-site scripting vulnerability", "description": "\n ## Description\n\n ## Impact\n\nA remote attacker could create a content containing attacking code and take over a session by stealing the session ID of the user who logged into the system. If the user logged into the system as the administrator, the remote attacker could manipulate configurations. \n\n ## Solution\n\n ## Products Affected\n\n * Hiki 0.8.0 - 0.8.2\n", "published": "2005-08-04T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://jvn.jp/en/jp/JVN38138980/index.html", "cvelist": ["CVE-2005-2803", "CVE-2005-2336"], "lastseen": "2017-03-23T17:09:43"}]}}