High-Tech Bridge (htbridge), HTB23027
Jun 29, 2011 - 12:00 a.m.

Cross-site Scripting (XSS) Vulnerability in Tiki Wiki CMS Groupware

www.htbridge.com

EPSS: 0.003 (Low), percentile 65.6%

High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Tiki Wiki CMS Groupware, which can be exploited to perform cross-site scripting attacks.

  1. Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware
    Input passed via the GET “ajax” parameter to snarf_ajax.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser in the context of an affected website. Successful exploitation requires that the victim is logged in to the application and has access to the administrative interface.
    Exploitation example:
    http://[host]/snarf_ajax.php?url=1&ajax=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
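
A log check for the request pattern described above, as an added example that is not part of the High-Tech Bridge advisory: it flags access-log requests to snarf_ajax.php whose decoded "ajax" value contains markup characters, including double-encoded ones. The log lines are constructed, and treating any markup character in "ajax" as anomalous is an assumption about how the parameter is normally used.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request target inside a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate "ajax" value never needs markup characters.
MARKUP_RE = re.compile(r"[<>\"']")

# Constructed sample lines (documentation IP addresses, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jun/2011:10:00:00 +0000] "GET /snarf_ajax.php?url=1&ajax=1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [29/Jun/2011:10:00:05 +0000] "GET /snarf_ajax.php?url=1'
    '&ajax=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E HTTP/1.1" 200 640',
    '192.0.2.12 - - [29/Jun/2011:10:00:09 +0000] "GET /tiki/snarf_ajax.php?url=1&ajax=%253Cb%253E HTTP/1.1" 200 530',
    '192.0.2.13 - - [29/Jun/2011:10:00:12 +0000] "GET /tiki-index.php?ajax=%3Cb%3E HTTP/1.1" 200 900',
]

def suspicious_ajax_value(request_target):
    """Return the decoded "ajax" value if it carries markup, else None."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/snarf_ajax.php"):
        return None
    # parse_qs percent-decodes once; keep decoding to catch %253C-style values.
    for value in parse_qs(parts.query, keep_blank_values=True).get("ajax", []):
        decoded = value
        for _ in range(3):
            further = unquote(decoded)
            if further == decoded:
                break
            decoded = further
        if MARKUP_RE.search(decoded):
            return decoded
    return None

def scan(lines):
    """Return (line number, decoded value) for every flagged request."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            value = suspicious_ajax_value(match.group(1))
            if value is not None:
                hits.append((lineno, value))
    return hits

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: ajax={value!r}")
```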
CPE    Name                       Operator    Version
       tiki wiki cms groupware    le          7.0
