header-logo
Suggest Exploit
vendor:
Tiki Wiki CMS Groupware
by:
Not specified
7.5
CVSS
HIGH
Cross-site scripting (XSS)
79
CWE
Product Name: Tiki Wiki CMS Groupware
Affected Version From: 7
Affected Version To: Not specified
Patch Exists: NO
Related CWE: Not specified
CPE: a:tiki_wiki_cms_groupware:tiki_wiki_cms_groupware:7.0
Metasploit:
Other Scripts:
Platforms Tested: Not specified
Not specified

Cross-site scripting vulnerability in Tiki Wiki CMS Groupware

Tiki Wiki CMS Groupware is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Mitigation:

Implement proper input validation and sanitization techniques to prevent XSS attacks. Regularly update Tiki Wiki CMS Groupware to the latest version to ensure that security patches are applied.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/48806/info

Tiki Wiki CMS Groupware is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Tiki Wiki CMS Groupware 7.0 is vulnerable; other versions may also be affected. 

http://www.example.com/snarf_ajax.php?url=1&ajax=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E