Lucene search

K
nvd[email protected]NVD:CVE-2007-5683
HistoryOct 26, 2007 - 6:46 p.m.

CVE-2007-5683

2007-10-2618:46:00
CWE-79
web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

49.6%

Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php.

Affected configurations

NVD
Node
tikitikiwiki_cms\/groupwareRange1.9.8.1
OR
tikitikiwiki_cms\/groupwareMatch1.6.1
OR
tikitikiwiki_cms\/groupwareMatch1.9.0
OR
tikitikiwiki_cms\/groupwareMatch1.9.0rc1
OR
tikitikiwiki_cms\/groupwareMatch1.9.0rc2
OR
tikitikiwiki_cms\/groupwareMatch1.9.0rc3
OR
tikitikiwiki_cms\/groupwareMatch1.9.1
OR
tikitikiwiki_cms\/groupwareMatch1.9.2
OR
tikitikiwiki_cms\/groupwareMatch1.9.3
OR
tikitikiwiki_cms\/groupwareMatch1.9.4
OR
tikitikiwiki_cms\/groupwareMatch1.9.5
OR
tikitikiwiki_cms\/groupwareMatch1.9.6
OR
tikitikiwiki_cms\/groupwareMatch1.9.7
OR
tikitikiwiki_cms\/groupwareMatch1.9.8

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

49.6%