Cross-Site Scripting Vulnerability in Tiki Wiki CMS Groupware
CVE-2011-4336

6.1MEDIUM

Key Information:

Vendor: Tiki
Status: Wiki CMS Groupware
Vendor: CVE Published:; 15 January 2020

What is CVE-2011-4336?

Tiki Wiki CMS Groupware version 7.0 is susceptible to a Cross-Site Scripting (XSS) vulnerability through the GET parameter 'ajax' in the snarf_ajax.php file, allowing attackers to inject malicious scripts into web pages viewed by other users. This flaw can compromise user sessions and lead to unauthorized actions on behalf of users, thereby posing significant security risks to web applications utilizing this software.

Affected Version(s)

Wiki CMS Groupware 7.0

References

https://seclists.org/bugtraq/2011/Nov/140

x_refsource_MISC

https://www.securityfocus.com/bid/48806/info

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Nov 4, 2011