Published: 2005/08/04 Last Updated: 2008/05/21
JVN#38138980
Hiki cross-site scripting vulnerability
Overview
Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability.
Products Affected
- Hiki 0.8.0 - 0.8.2
Description
Impact
A remote attacker could create content containing attack code and take over a session by stealing the session ID of a user who is logged into the system. If that user is logged in as the administrator, the remote attacker could manipulate configurations.
Solution
References
JPCERT/CC Addendum
Credit
Other Information
- JPCERT Alert: none listed
- JPCERT Reports: JPCERT-WR-2005-3101 JPCERT/CC REPORT 2005-08-10
- CERT Advisory: none listed
- CPNI Advisory: none listed
- TRnotes: none listed
- CVE: CVE-2005-2336, CVE-2005-2803
- JVN iPedia: JVNDB-2005-000779