Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2006-2635

Опубликовано: 30 мая 2006
Источник: nvd
CVSS2: 4.3
EPSS Средний

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:rc2:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:rc3:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.3.2:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.5:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.6:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.7:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.8:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.8.1:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.9:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.10:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.11:*:*:*:*:*:*:*

EPSS

Процентиль: 94%
0.13466
Средний

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2006-2635

ubuntu
больше 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16...

debian логотип

CVE-2006-2635

debian
больше 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka T ...

github логотип

GHSA-whfj-j874-g5c6

github
больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16...

EPSS

Процентиль: 94%
0.13466
Средний

4.3 Medium

CVSS2

Дефекты

CWE-79