CVE-2006-2635
TikiWiki 1.9 - 'tiki-lastchanges.php' Multiple Cross-Site Scripting Vulnerabilities
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow injection of arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>". The affected entry points fall into two groups.

Reachable by unauthenticated remote attackers:
- the offset and days parameters in tiki-lastchanges.php
- the find and offset parameters in tiki-orphan_pages.php
- the offset and initial parameters in tiki-listpages.php
- an unspecified field in tiki-remind_password.php

Reachable by remote authenticated users with admin privileges:
- an unspecified field in a metatags action in tiki-admin.php
- the offset parameter in tiki-admin_rssmodules.php
- the offset and max parameters in tiki-syslog.php
- the numrows parameter and an unspecified field in tiki-adminusers.php
- an unspecified field in tiki-admin_hotwords.php
- unspecified fields in "Assign new module" and "Create new user module" in tiki-admin_modules.php
- an unspecified field in "Add notification" and the offset parameter in tiki-admin_notifications.php
- the Name and Dsn fields in tiki-admin_dsn.php
- the offset parameter and an unspecified field in "Create new template" in tiki-admin_content_templates.php
- the offset parameter in tiki-admin_chat.php
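The nested-tag payload quoted above works against filters that remove a blacklisted string in a single pass: deleting the inner `<script>` once reassembles the outer one. The following is an added example (Python, not Tiki's own PHP code) that models that filter, shows the two fixes a practitioner would apply to paging parameters such as offset and days (integer coercion and output encoding), and runs a simple detector over constructed access-log lines for the unauthenticated endpoints named in the description. The log lines, `render_vulnerable`, `render_fixed` and `find_suspicious_requests` are illustrative constructions, not artefacts of the original advisory.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Payload shape quoted in the advisory: a <script> tag split by an inner copy of itself.
PAYLOAD = "<scr<script>ipt>alert(1)</scr</script>ipt>"

# Unauthenticated scripts and parameters named in the description.
WATCHED = {
    "tiki-lastchanges.php": {"offset", "days"},
    "tiki-orphan_pages.php": {"find", "offset"},
    "tiki-listpages.php": {"offset", "initial"},
}


def naive_filter(value: str) -> str:
    """Single-pass blacklist filter of the kind the nested-tag payload defeats.

    Removing the inner <script> once re-assembles the outer tag, so the
    result still contains a live script element.
    """
    return re.sub(r"</?script>", "", value, flags=re.IGNORECASE)


def encode_for_html(value: str) -> str:
    """Hardened form: do not strip 'dangerous' strings, encode at output time."""
    return html.escape(value, quote=True)


def parse_offset(value: str, default: int = 0) -> int:
    """Paging parameters should never reach HTML as free text: coerce to a
    non-negative integer and fall back to a default on anything else."""
    try:
        return max(0, int(value))
    except (TypeError, ValueError):
        return default


def render_vulnerable(offset: str) -> str:
    """Models the bug: the blacklist-filtered parameter is echoed into the page."""
    return f'<a href="tiki-lastchanges.php?offset={naive_filter(offset)}">next</a>'


def render_fixed(offset: str) -> str:
    """Integer coercion first, output encoding second (belt and braces)."""
    safe = encode_for_html(str(parse_offset(offset)))
    return f'<a href="tiki-lastchanges.php?offset={safe}">next</a>'


# Constructed access-log lines (not real traffic) used by the detection check.
SAMPLE_LOG = """\
10.0.0.5 - - [29/May/2006:10:01:02 +0000] "GET /tiki-lastchanges.php?offset=10&days=2 HTTP/1.1" 200 5120
10.0.0.9 - - [29/May/2006:10:01:07 +0000] "GET /tiki-lastchanges.php?offset=%3Cscr%3Cscript%3Eipt%3Ealert(1)%3C/scr%3C/script%3Eipt%3E HTTP/1.1" 200 5210
10.0.0.9 - - [29/May/2006:10:01:09 +0000] "GET /tiki-listpages.php?initial=A&offset=0 HTTP/1.1" 200 7001
10.0.0.9 - - [29/May/2006:10:01:11 +0000] "GET /tiki-orphan_pages.php?find=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 4100
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def find_suspicious_requests(log_text: str) -> list[tuple[str, str]]:
    """Return (script, parameter) pairs where a watched parameter carries
    markup (a '<' after URL-decoding), the simplest indicator of an XSS
    probe against the endpoints listed in the advisory."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group(1))
        script = parts.path.rsplit("/", 1)[-1]
        if script not in WATCHED:
            continue
        # parse_qs percent-decodes values, so the nested tag is visible here.
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            if name in WATCHED[script] and any("<" in v for v in values):
                hits.append((script, name))
    return hits


if __name__ == "__main__":
    print("filtered :", naive_filter(PAYLOAD))
    print("vuln     :", render_vulnerable(PAYLOAD))
    print("fixed    :", render_fixed(PAYLOAD))
    print("log hits :", find_suspicious_requests(SAMPLE_LOG))
```

The detector only flags a literal `<` in a watched parameter; it is a triage aid for historical logs, not a replacement for fixing the output encoding. Where a parameter is semantically an integer, the coercion in `parse_offset` removes the injection surface entirely, which is why it is the preferred fix for offset, days, max and numrows style parameters.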
Timeline
- 2006-05-29 First Exploit
- 2006-05-30 CVE Reserved
- 2006-05-30 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-18 EPSS Updated
- Exploited in Wild: no record
- KEV Due Date: none (not listed in CISA KEV)
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (23)
URL | Tag | Date |
---|---|---|
http://securityreason.com/securityalert/976 | Third Party Advisory | |
http://tikiwiki.org/tiki-read_article.php?articleId=131 | Vendor Confirmation | |
http://www.osvdb.org/26048 | VDB Entry | |
http://www.osvdb.org/26049 | VDB Entry | |
http://www.osvdb.org/26050 | VDB Entry | |
http://www.osvdb.org/26051 | VDB Entry | |
http://www.osvdb.org/26052 | VDB Entry | |
http://www.osvdb.org/26053 | VDB Entry | |
http://www.osvdb.org/26054 | VDB Entry | |
http://www.osvdb.org/26055 | VDB Entry | |
http://www.osvdb.org/26056 | VDB Entry | |
http://www.osvdb.org/26057 | VDB Entry | |
http://www.osvdb.org/26058 | VDB Entry | |
http://www.osvdb.org/26059 | VDB Entry | |
http://www.osvdb.org/26060 | VDB Entry | |
http://www.osvdb.org/26061 | VDB Entry | |
http://www.osvdb.org/26062 | VDB Entry | |
http://www.securityfocus.com/archive/1/435127/100/0/threaded | Mailing List | |
http://www.securityfocus.com/archive/1/436432/100/0/threaded | Mailing List | |
https://www.exploit-db.com/exploits/27917 | Exploit | 2006-05-29 |
http://secunia.com/advisories/20334 | Advisory | 2024-08-07 |
http://www.securityfocus.com/bid/18143 | VDB Entry | 2024-08-07 |
http://www.vupen.com/english/advisories/2006/2024 | Advisory | 2018-10-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Tiki | Tikiwiki CMS/Groupware | 1.9.0 | - | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.0 | rc1 | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.0 | rc2 | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.0 | rc3 | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.1 | - | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.2 | - | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.3 | - | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.3.1 | - | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.3.2 | - | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.4 | - | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.5 | - | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.6 | - | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.7 | - | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.8 | - | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.8.1 | - | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.9 | - | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.10 | - | Affected |
Tiki | Tikiwiki CMS/Groupware | 1.9.11 | - | Affected |