CVE-2020-8966
Summary
| CVE | CVE-2020-8966 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-04-01 21:15:00 UTC |
| Updated | 2020-04-03 16:43:00 UTC |
| Description | There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Tiki | Tikiwiki Cms/groupware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Tiki Wiki CMS Groupware / SVN-Code / Commit [r75455] | CONFIRM | sourceforge.net | Patch |
| Cross Site Scripting (XSS) flaws found in Tiki-Wiki CMS software \| INCIBE-CERT | CONFIRM | www.incibe-cert.es | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Pablo Sebastián Arias Rodríguez, Rubén Barberà Pérez, Jorge Alberto Palma Reyes from S2Grupo at CSIRT-CV (Valencia CSIRT) with special thanks to the CSIRT-CV team
There are currently no legacy QID mappings associated with this CVE.