No description provided by source.
Vendor: info.tiki.org ( http://info.tiki.org ) Vulnerable Version: 7.0 and probably prior Tested on: 7.0 High-Tech Bridge SA Security Research Lab has discovered vulnerability in Tiki Wiki CMS Groupware, which can be exploited to perform cross-site scripting attacks. Input passed via the GET "ajax" parameter to snarf_ajax.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website. The following PoC code is available: http://[host]/snarf_ajax.php?url=1&ajax=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E