CVE-2011-4551

Published Oct 1, 2012

Last updated 3 months ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B46BEABB-4839-4D11-AF0C-E2E7CA5190BA",
            "versionEndIncluding": "8.1"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5160514-D8C3-458A-B3A6-24CD4FB96BD2"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "481CEC51-C828-4AB7-9745-824B5D529D40"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD3F664D-C59E-4033-805B-BB3C85528091"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "457AEABE-F6C1-459A-883E-4D4F0DD8D441"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4401BA0E-5F63-405C-8C42-C2E1E4C45306"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69930A94-2008-4259-B2BE-BD159B1FD6FC"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A4DB362-E012-4A97-8EA4-9589D2811C3C"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EC5B2D3-63D9-414D-92C2-4423CA525C22"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03BE8241-0A3F-48E5-9917-D22CC187F650"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC898854-88D0-44F7-A742-30956E99F879"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69CBF74D-A845-4461-8673-B3616339BD23"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74F3472D-158E-439A-BBAA-9DB8677C97B9"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "197A8FDC-2474-4FB8-80E1-10A898D4CDCD"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "395EC051-76D6-43AA-822D-4E3A65A714EC"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC0F2A72-FF54-4CB6-8456-35AC90945720"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEA7EADB-82F1-4A28-8AF8-17F6BCFD4E23"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72AE1516-6085-4505-93EF-AFC8B7FEB357"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07C509BE-1B02-441E-9CA2-E568B39976DB"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "856C2298-D9AB-4947-B7A2-5457F7BA3BDB"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F91FDFE-D9F0-4839-B5A5-4F6400F2880A"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FB6C008-CC5D-4EBF-A2DF-688840C45FEE"
          },
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EB2F4E7-FC71-4DB5-BDC4-9069E20C5C9F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:-:lts:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3237496-CE94-4CDC-B88A-F6C04F0063EC",
            "versionEndIncluding": "6.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References