CVE-2005-2336 - Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject ar

CVE-2005-2336

Summary

Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803.

References

http://hikiwiki.org/en/advisory20050804.html
http://jvn.jp/en/jp/JVN38138980/index.html
http://secunia.com/advisories/17075
http://www.securityfocus.com/bid/15021

Vulnerable Configurations

cpe:2.3:a:hiki:hiki:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:hiki:hiki:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:hiki:hiki:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:hiki:hiki:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:hiki:hiki:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:hiki:hiki:0.8.2:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 11-11-2008 - 05:51)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	15021
confirm	http://hikiwiki.org/en/advisory20050804.html
jvn	JVN#38138980
secunia	17075

Last major update

11-11-2008 - 05:51

Published

06-09-2005 - 21:03

Last modified

11-11-2008 - 05:51