Detections
Analytics
TikiWiki tiki-error.php XSS
medium Nessus Plugin ID 15709
Language:
Synopsis
A web application on the remote host has a cross-site scripting vulnerability.Description
The remote host is running TikiWiki, a content management system written in PHP.The version of this software running on the remote host has a cross-site scripting vulnerability in tiki-error.php. A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL, resulting in the execution of arbitrary script code.
Solution
Upgrade to TikiWiki 1.7.8 or later.See Also
Plugin Details
Severity: Medium
ID: 15709
File Name: tikiwiki_xss.nasl
Version: 1.18
Type: remote
Family: CGI abuses : XSS
Published: 11/13/2004
Updated: 1/19/2021
Supported Sensors: Nessus
Vulnerability Information
CPE: cpe:/a:tikiwiki:tikiwiki
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: No exploit is required
Reference Information
BID: 14121