JVNDB-2005-000780

Hiki cross-site scripting vulnerability

Overview

Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability.

CVSS Severity

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

Hiki Development Team
  • Hiki 0.8.0 - 0.8.2

Impact

A remote attacker could create content containing attack code and take over a session by stealing the session ID of a user who is logged into the system. If the user is logged in as the administrator, the remote attacker could manipulate configurations.

Solution

Vendor Information

Hiki Development Team

CWE

CVE

  1. CVE-2005-2336

References

  1. JVN : JVN#38138980
  2. National Vulnerability Database (NVD) : CVE-2005-2336
  3. Secunia Advisory : SA17075
  4. SecurityFocus : 15021

Revision History

  • [2008/05/21]
      Web page published