WikkaWiki Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running WikkaWiki and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to WikkaWiki 1.3.4-p1 or later, For updates refer to http://www.wikkawiki.org

Insight

Input passed via 'wakka' parameter to 'wikka.php' script is not properly sanitised before being returned to the user.

Affected

WikkaWiki 1.3.4 and probably prior.

Detection

Send a crafted data via HTTP GET request and check whether it is able to read the cookie or not.

References

http://seclists.org/bugtraq/2013/Sep/47
http://secunia.com/advisories/54790
http://www.osvdb.com/97183
https://www.htbridge.com/advisory/HTB23170

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5586
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat SecurityConstraints Security Bypass Vulnerability
3Com NBX VoIP NetSet Detection
Apache Struts Cross Site Scripting Vulnerability
Allaire JRun directory browsing vulnerability
Adobe ColdFusion Multiple Vulnerabilities-03 May-2014

Take action and discover your vulnerabilities