Test ID:	1.3.6.1.4.1.25623.1.0.800266
Category:	Web application abuses
Title:	Tiki Wiki CMS Groupware < 2.4 Multiple XSS Vulnerabilities
Summary:	Tiki Wiki CMS Groupware is prone to multiple cross-site; scripting (XSS) vulnerabilities.
Description:	Summary: Tiki Wiki CMS Groupware is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: Multiple flaws are due to improper sanitization of user supplied input in the pages i.e. 'tiki-orphan_pages.php', 'tiki-listpages.php', 'tiki-list_file_gallery.php' and 'tiki-galleries.php' which lets the attacker conduct XSS attacks inside the context of the web application. Vulnerability Impact: Successful exploitation will allow remote attackers to inject arbitrary HTML codes in the context of the affected web application. Affected Software/OS: Tiki Wiki CMS Groupware version 2.3 and prior. Solution: Update to version 2.4 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1204 BugTraq ID: 34105 http://www.securityfocus.com/bid/34105 BugTraq ID: 34106 http://www.securityfocus.com/bid/34106 BugTraq ID: 34107 http://www.securityfocus.com/bid/34107 BugTraq ID: 34108 http://www.securityfocus.com/bid/34108 Bugtraq: 20090312 TikiWiki 2.2 XSS Vulnerability in URI (Google Search) http://www.securityfocus.com/archive/1/501702/100/0/threaded http://secunia.com/advisories/34273
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.