Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Tiki
  • Tikiwiki Cms\/groupware

Configuration 1 [-]

cpe:2.3:a:tiki:tikiwiki_cms\/groupware:2.2:*:*:*:*:*:*:*
References
Link Resource
http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=2359&trackerId=5&show=view&reloff=3&cant=1229&status=o&trackerId=5&sort_mode=created_desc Exploit Vendor Advisory
http://info.tikiwiki.org/tiki-read_article.php?articleId=51 Patch
http://secunia.com/advisories/34273 Vendor Advisory
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup Patch
http://www.securityfocus.com/archive/1/501702/100/0/threaded
http://www.securityfocus.com/bid/34105 Exploit
http://www.securityfocus.com/bid/34106 Exploit
http://www.securityfocus.com/bid/34107 Exploit
http://www.securityfocus.com/bid/34108 Exploit
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-04-01T01:00:00

Updated: 2018-10-10T18:57:01

Reserved: 2009-03-31T00:00:00

Link: CVE-2009-1204

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2009-04-01T01:30:00.483

Modified: 2018-10-10T19:35:08.607

Link: CVE-2009-1204

JSON object: View

cve-icon Redhat Information

No data.

CWE