CVE-2006-2635
Published May 30, 2006
Last updated 6 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16) "Create new user module" in (k) tiki-admin_modules.php, (17) an unspecified field in "Add notification" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in "Create new template" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B13501C0-3322-4D0C-8F7F-12535C76CB69"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FB63DA4-E9B5-4BDF-A4E5-54F4EE4E94AA"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADE04A29-E90B-41E1-A8B4-462B54C079B4"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.0:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2540703B-63B8-41F4-A17A-0274A7DE7E63"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1489E8DC-11E7-49A3-84FF-909954147D01"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "035EEFAB-B46C-407F-BF8C-B33756D4EEC3"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "127349FA-B76D-402A-B688-F2F44024FA11"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A2EA0C8-D400-4981-9675-6A02184117C1"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ECB1097C-612D-445C-AB29-DD2C6F21174C"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "175D43FD-450F-443E-831B-B8091BE7054F"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F437662-CD55-477B-9FEE-0CC4E6CB908D"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB235741-1FDA-4C90-BD6A-22D18D57D240"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62C09D81-AA53-4E82-BEA6-D321D95D2E0F"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8CE1CDD1-27F1-456C-933E-24219E6190CC"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50BC0034-F043-41EC-AF00-E3DC739A31F7"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85FFFB16-913A-49F4-8AEA-A104EC1D8BA6"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "545E77A4-B1E2-43FB-93A9-2BDCD71E809D"
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.9.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "306F2A3B-EFFE-49E1-95BC-19F688830DBE"
}
],
"operator": "OR"
}
]
}
]