Hiki cross-site scripting vulnerability


Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability.
CVSS Severity

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products

Hiki Development Team
  • Hiki 0.8.0 - 0.8.2


A remote attacker could create content containing attack code and take over a session by stealing the session ID of a user who is logged into the system. If the user is logged in as the administrator, the remote attacker could manipulate configurations.

Vendor Information

Hiki Development Team
CWE

CVE

  1. CVE-2005-2803

  1. JVN : JVN#38138980
  2. National Vulnerability Database (NVD) : CVE-2005-2803
  3. SecurityFocus : 15021
Revision History

  • [2008/05/21]
      Web page published