[Japanese]

JVNDB-2005-000779

Hiki cross-site scripting vulnerability

Overview

Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Hiki Development Team
  • Hiki 0.8.0 - 0.8.2

Impact

A remote attacker could create a content containing attacking code and take over a session by stealing the session ID of the user who logged into the system. If the user logged into the system as the administrator, the remote attacker could manipulate configurations.
Solution

Vendor Information

Hiki Development Team
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2005-2803
References

  1. JVN : JVN#38138980
  2. National Vulnerability Database (NVD) : CVE-2005-2803
  3. SecurityFocus : 15021
Revision History

  • [2008/05/21]
      Web page published