Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2007-10-26T18:00:00
Updated: 2024-08-07T15:39:13.533Z
Reserved: 2007-10-26T00:00:00
Link: CVE-2007-5683
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2007-10-26T18:46:00.000
Modified: 2012-10-24T04:00:00.000
Link: CVE-2007-5683
Redhat
No data.