fkie_cve-2011-4551
Vulnerability from fkie_nvd
Published
2012-10-01 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B46BEABB-4839-4D11-AF0C-E2E7CA5190BA",
"versionEndIncluding": "8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5160514-D8C3-458A-B3A6-24CD4FB96BD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "481CEC51-C828-4AB7-9745-824B5D529D40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD3F664D-C59E-4033-805B-BB3C85528091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "457AEABE-F6C1-459A-883E-4D4F0DD8D441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4401BA0E-5F63-405C-8C42-C2E1E4C45306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "69930A94-2008-4259-B2BE-BD159B1FD6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4DB362-E012-4A97-8EA4-9589D2811C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4:*:*:*:*:*:*:*",
"matchCriteriaId": "4EC5B2D3-63D9-414D-92C2-4423CA525C22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03BE8241-0A3F-48E5-9917-D22CC187F650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC898854-88D0-44F7-A742-30956E99F879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69CBF74D-A845-4461-8673-B3616339BD23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74F3472D-158E-439A-BBAA-9DB8677C97B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "197A8FDC-2474-4FB8-80E1-10A898D4CDCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "395EC051-76D6-43AA-822D-4E3A65A714EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC0F2A72-FF54-4CB6-8456-35AC90945720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA7EADB-82F1-4A28-8AF8-17F6BCFD4E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72AE1516-6085-4505-93EF-AFC8B7FEB357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "07C509BE-1B02-441E-9CA2-E568B39976DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "856C2298-D9AB-4947-B7A2-5457F7BA3BDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F91FDFE-D9F0-4839-B5A5-4F6400F2880A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FB6C008-CC5D-4EBF-A2DF-688840C45FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB2F4E7-FC71-4DB5-BDC4-9069E20C5C9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:-:lts:*:*:*:*:*",
"matchCriteriaId": "F3237496-CE94-4CDC-B88A-F6C04F0063EC",
"versionEndIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en tiki-cookie-jar.php en TikiWiki CMS/Groupware, antes de v8.2 y LTS antes de v6.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de par\u00e1metros de su elecci\u00f3n."
}
],
"id": "CVE-2011-4551",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-10-01T00:55:00.853",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://info.tiki.org/article183-Tiki-Wiki-CMS-Groupware-8-2-and-6-5LTS-Security-Patches-Available"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47278"
},
{
"source": "cve@mitre.org",
"url": "http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-07.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/77966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://info.tiki.org/article183-Tiki-Wiki-CMS-Groupware-8-2-and-6-5LTS-Security-Patches-Available"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-07.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/77966"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…