Cross-site scripting (XSS) vulnerability in tiki-featured_link.php (CVE-2006-5703)

Brought to you by: chuckatsf

#21 Cross-site scripting (XSS) vulnerability in tiki-featured_link.php (CVE-2006-5703)

Status: new

Owner: Chuck

Labels: XSS (4)

Component: TikiWiki

Severity: Medium

Version: Current

Updated: 2014-09-11

Created: 2011-12-20

Creator: anonymous

Private: No

Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements.

PoC: http://owaspbwa/tikiwiki/tiki-featured_link.php?type=f&url=%22%20%3E%3C/iframe%3E%3Cscr%3C/script%3Eipt%3Ealert%28%27XSS%27%29%3C/scri%3C/script%3Ept%3E%20%3C!--

Cross-site scripting (XSS) vulnerability in tiki-featured_link.php (CVE-2006-5703)

Searches

Help

#21 Cross-site scripting (XSS) vulnerability in tiki-featured_link.php (CVE-2006-5703)

Discussion