← back
CVE-2004-1924

CVE-2004-1924

EPSS 1.8%
Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php.
Affected products
n/a · n/a
public PoCs found12
exploitdbwww.exploit-db.com/exploits/43809unverifiedexploitdbwww.exploit-db.com/exploits/23953unverifiedexploitdbwww.exploit-db.com/exploits/23954unverifiedexploitdbwww.exploit-db.com/exploits/23956unverifiedexploitdbwww.exploit-db.com/exploits/23957unverifiedexploitdbwww.exploit-db.com/exploits/23959unverifiedexploitdbwww.exploit-db.com/exploits/23958unverifiedexploitdbwww.exploit-db.com/exploits/23955unverifiedexploitdbwww.exploit-db.com/exploits/23947unverifiedexploitdbwww.exploit-db.com/exploits/23960unverifiedexploitdbwww.exploit-db.com/exploits/23962unverifiedexploitdbwww.exploit-db.com/exploits/23961unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=108180073206947&w=2http://secunia.com/advisories/11344https://exchange.xforce.ibmcloud.com/vulnerabilities/15846http://tikiwiki.org/tiki-read_article.php?articleId=66http://www.securityfocus.com/bid/10100