5 matches found
CVE-2007-2836
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename th...
CVE-2007-2836
Summary (CVE-2007-2836) : The Hiki wiki engine (Ruby) versions 0.8.0–0.8.6 are affected by a directory traversal vulnerability in the session management under session.rb. An insufficiently restrictive regular expression used to validate the session ID enables a remote attacker to craft a session ...
CVE-2005-2336
Cross-site scripting XSS vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803...
CVE-2005-2336
Cross-site scripting XSS vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803...
JVN#38138980 Hiki cross-site scripting vulnerability
Impact A remote attacker could create a content containing attacking code and take over a session by stealing the session ID of the user who logged into the system. If the user logged into the system as the administrator, the remote attacker could manipulate configurations. Solution Products...