tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
References
Link | Resource |
---|---|
https://pastebin.com/wEM7rnG7 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-22T12:15:31
Updated: 2019-08-22T12:15:31
Reserved: 2019-08-21T00:00:00
Link: CVE-2019-15314
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-08-22T13:15:13.013
Modified: 2019-08-28T19:05:43.760
Link: CVE-2019-15314
JSON object: View
Redhat Information
No data.
CWE