Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-26T18:00:00

Updated: 2024-08-07T15:39:13.533Z

Reserved: 2007-10-26T00:00:00

Link: CVE-2007-5683

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2007-10-26T18:46:00.000

Modified: 2012-10-24T04:00:00.000

Link: CVE-2007-5683

cve-icon Redhat

No data.