CVE - CVE-2006-2635

CVE-ID
CVE-2006-2635	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16) "Create new user module" in (k) tiki-admin_modules.php, (17) an unspecified field in "Add notification" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in "Create new template" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:18143 URL:http://www.securityfocus.com/bid/18143 BUGTRAQ:20060525 Multiple XSS Vulnerabilities in Tikiwiki 1.9.x URL:http://www.securityfocus.com/archive/1/435127/100/0/threaded BUGTRAQ:20060608 Tikiwiki 1.9.3.2 security release URL:http://www.securityfocus.com/archive/1/436432/100/0/threaded CONFIRM:http://tikiwiki.org/tiki-read_article.php?articleId=131 OSVDB:26048 URL:~~http://www.osvdb.org/26048~~ (Obsolete source) OSVDB:26049 URL:~~http://www.osvdb.org/26049~~ (Obsolete source) OSVDB:26050 URL:~~http://www.osvdb.org/26050~~ (Obsolete source) OSVDB:26051 URL:~~http://www.osvdb.org/26051~~ (Obsolete source) OSVDB:26052 URL:~~http://www.osvdb.org/26052~~ (Obsolete source) OSVDB:26053 URL:~~http://www.osvdb.org/26053~~ (Obsolete source) OSVDB:26054 URL:~~http://www.osvdb.org/26054~~ (Obsolete source) OSVDB:26055 URL:~~http://www.osvdb.org/26055~~ (Obsolete source) OSVDB:26056 URL:~~http://www.osvdb.org/26056~~ (Obsolete source) OSVDB:26057 URL:~~http://www.osvdb.org/26057~~ (Obsolete source) OSVDB:26058 URL:~~http://www.osvdb.org/26058~~ (Obsolete source) OSVDB:26059 URL:~~http://www.osvdb.org/26059~~ (Obsolete source) OSVDB:26060 URL:~~http://www.osvdb.org/26060~~ (Obsolete source) OSVDB:26061 URL:~~http://www.osvdb.org/26061~~ (Obsolete source) OSVDB:26062 URL:~~http://www.osvdb.org/26062~~ (Obsolete source) SECUNIA:20334 URL:http://secunia.com/advisories/20334 SREASON:976 URL:http://securityreason.com/securityalert/976 VUPEN:ADV-2006-2024 URL:~~http://www.vupen.com/english/advisories/2006/2024~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20060530	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060530)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)