4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
49.6%
Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and
earlier allow remote attackers to inject arbitrary web script or HTML via
(1) the username parameter to the password reminder page
(tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the
local_php parameter to db/tiki-db.php.