← voltar
CVE-2020-8966

Cross Site Scripting (XSS) flaws found in Tiki-Wiki CMS software

CVSS 6.5 MEDIUMEPSS 0.8%CWE-80
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Produtos afetados
Tiki-Wiki Groupware · Tiki-Wiki CMS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://sourceforge.net/p/tikiwiki/code/75455https://www.incibe-cert.es/en/early-warning/security-advisories/cross-site-scripting-xss-flaws-found-tiki-wiki-cms-software