{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-12T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://wikkawiki.org/WikkaReleaseNotes"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wush.net/trac/wikka/changeset/47"}, {"name": "ADV-2006-2381", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2381"}, {"name": "20628", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20628"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wush.net/trac/wikka/ticket/142"}, {"name": "wikkawiki-url-xss(27227)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27227"}, {"name": "18481", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18481"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7050", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://wikkawiki.org/WikkaReleaseNotes", "refsource": "CONFIRM", "url": "http://wikkawiki.org/WikkaReleaseNotes"}, {"name": "http://wush.net/trac/wikka/changeset/47", "refsource": "CONFIRM", "url": "http://wush.net/trac/wikka/changeset/47"}, {"name": "ADV-2006-2381", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2381"}, {"name": "20628", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20628"}, {"name": "http://wush.net/trac/wikka/ticket/142", "refsource": "CONFIRM", "url": "http://wush.net/trac/wikka/ticket/142"}, {"name": "wikkawiki-url-xss(27227)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27227"}, {"name": "18481", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18481"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7050", "datePublished": "2007-02-24T00:00:00", "dateReserved": "2007-02-23T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wikkawiki:wikkawiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "98ABA654-0C36-4611-87A0-4DC94592BB17", "versionEndIncluding": "1.1.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php."}, {"lang": "es", "value": "Vulnerabilida de secuencia de comandos en sitios cruzados (XSS) en WikkaWiki (Wikka Wiki) anterior a 1.1.6.2 permite a atacantes remotos inyectar javascript de su elecci\u00f3n a trav\u00e9s de (1) eventos en enlaces forzados (par\u00e1metro url) que no son manejadas adecuadamente en formatters/wakka.php, y posiblemente (2) otros vectores en wikka.php."}], "id": "CVE-2006-7050", "lastModified": "2017-07-29T01:29:48.063", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-24T00:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://secunia.com/advisories/20628"}, {"source": "cve@mitre.org", "url": "http://wikkawiki.org/WikkaReleaseNotes"}, {"source": "cve@mitre.org", "url": "http://wush.net/trac/wikka/changeset/47"}, {"source": "cve@mitre.org", "url": "http://wush.net/trac/wikka/ticket/142"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18481"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2381"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27227"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}