Vulnerabilities > CVE-2006-2652 - HTML Injection vulnerability in WikiNi

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

wikini

NVD

Published: 2006-05-30

Updated: 2018-10-18

Summary

Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script. Successful exploitation requires that the attacker have rights to edit at least one page of the wiki.

Vulnerable Configurations

Part	Description	Count
Application	Wikini Wikini Wikini *	1

References

http://secunia.com/advisories/20366
http://securityreason.com/securityalert/981
http://www.osvdb.org/25802
http://www.securityfocus.com/archive/1/435307/100/0/threaded
http://www.securityfocus.com/bid/18156
http://zone14.free.fr/advisories/3/
https://exchange.xforce.ibmcloud.com/vulnerabilities/26772