JVNDB-2005-000779

Hiki cross-site scripting vulnerability

Overview

Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability.
CVSS Severity

Base Metrics: 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products

Hiki Development Team
  • Hiki 0.8.0 - 0.8.2
Impact

A remote attacker could create content containing attack code and take over a session by stealing the session ID of a user who is logged into the system. If that user is logged in as the administrator, the remote attacker could manipulate configurations.
Solution

Vendor Information

Hiki Development Team
References

  1. JVN : JVN#38138980
  2. National Vulnerability Database (NVD) : CVE-2005-2803
  3. Common Vulnerabilities and Exposures (CVE) : CVE-2005-2803
  4. SecurityFocus : 15021
Revision History

[2008/05/21]
  Web page published


Date Public: 2005/08/04
Date First Published: 2008/05/21
Date Last Updated: 2008/05/21