Cross-Site Scripting Vulnerability in Tiki Wiki CMS
CVE-2024-47918

6.1MEDIUM

Key Information:

Vendor: Tiki Wiki
Status: Cms
Vendor: CVE Published:; 30 December 2024

Summary

The identified vulnerability in Tiki Wiki CMS stems from improper neutralization of script-related HTML tags within web pages, leading to potential cross-site scripting (XSS) attacks. This flaw enables attackers to inject malicious scripts into the content delivered to users, compromising the integrity and security of web applications. Users accessing affected web pages may unknowingly execute harmful scripts, which can result in data theft, session hijacking, and unauthorized actions within user accounts, emphasizing the importance of applying security patches promptly.

Affected Version(s)

CMS All versions

References

https://www.gov.il/en/Departments/faq/cve_advisories

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 30, 2024
Vulnerability Reserved
Oct 6, 2024

Credit

Aviv Vinograzki - Peer Security LTD