Cross Site Scripting (XSS) flaws found in Tiki-Wiki CMS software
CVE-2020-8966

6.5 MEDIUM

Key Information:

Vendor
CVE Published: 1 April 2020

What is CVE-2020-8966?

The PHP web pages of Tiki-Wiki Groupware contain an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. All versions of Tiki-Wiki CMS through 20.0 allow malicious users to inject malicious code fragments (scripts) into a legitimate web page.

Affected Version(s)

Tiki-Wiki CMS through 20.0

References

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pablo Sebastián Arias Rodríguez, Rubén Barberà Pérez, Jorge Alberto Palma Reyes from S2Grupo at CSIRT-CV (Valencia CSIRT) with special thanks to the CSIRT-CV team.