CVE-2006-2635
CVSS4.3
发布时间 :2006-05-30 06:02:00
修订时间 :2012-10-24 00:00:00
NMCO    

[原文]Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16) "Create new user module" in (k) tiki-admin_modules.php, (17) an unspecified field in "Add notification" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in "Create new template" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php.


[CNNVD]TikiWiki 多个跨站脚本攻击漏洞(CNNVD-200605-519)

        Tikiwiki(又称 Tiki CMS/Groupware) 1.9.x中存在多个跨站脚本攻击(XSS)漏洞。 远程攻击者可以借助(a) tiki-lastchanges.php中的(1) offset 和(2) days 参数,(b) tiki-orphan_pages.php中的(3) find和(4) offset参数, (c) tiki-listpages.php中的(5) offset和(6) initial参数, 以及(d) tiki-remind_password.php中的(7)未明字段当中诸如"ipt>" 等畸形嵌套HTML标签,注入任意Web脚本或HTML;并且,可以使具有管理员权限的远程认证用户借助(e) tiki-admin.php中的(8) metatags操作中的未明字段, (f) tiki-admin_rssmodules.php中的(9) offset参数, (g) tiki-syslog.php中的(10) offset和(11)max参数, (h) tiki-adminusers.php中的(12) numrows参数, (i) tiki-adminusers.php中的(13)未明字段, (j) tiki-admin_hotwords.php中的(14) 未明字段, (k) tiki-admin_modules.php中的(15) "Assign new module"和(16) "Create new user module"中的未明字段, (l) tiki-admin_notifications.php中的(17) "Add notification" 中的未明字段, (m) tiki-admin_notifications.php中的(18) offset参数,(o) tiki-admin_dsn.php中的(19) Name和(20) Dsn 字段, (p) tiki-admin_content_templates.php中的(21) offset参数, (q) tiki-admin_content_templates.php中的(22) "Create new template"中的未明字段, 以及(r) tiki-admin_chat.php中的(23) offset参数,注入任意Web 脚本或HTML。

- CVSS (基础分值)

CVSS分值: 4.3 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-79 [在Web页面生成时对输入的转义处理不恰当(跨站脚本)]

- CPE (受影响的平台与产品)

cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.2Tiki Tikiwiki CMS/Groupware 1.9.2
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.3.2Tiki Tikiwiki CMS/Groupware 1.9.3.2
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.6Tiki Tikiwiki CMS/Groupware 1.9.6
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.0:rc1Tiki Tikiwiki CMS/Groupware 1.9.0 release candidate 1
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.7Tiki Tikiwiki CMS/Groupware 1.9.7
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.11Tiki Tikiwiki CMS/Groupware 1.9.11
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.8.1Tiki Tikiwiki CMS/Groupware 1.9.8.1
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.0Tiki Tikiwiki CMS/Groupware 1.9.0
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.10Tiki Tikiwiki CMS/Groupware 1.9.10
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.4Tiki Tikiwiki CMS/Groupware 1.9.4
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.0:rc3Tiki Tikiwiki CMS/Groupware 1.9.0 release candidate 3
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.9Tiki Tikiwiki CMS/Groupware 1.9.9
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.0:rc2Tiki Tikiwiki CMS/Groupware 1.9.0 release candidate 2
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.1Tiki Tikiwiki CMS/Groupware 1.9.1
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.3.1Tiki Tikiwiki CMS/Groupware 1.9.3.1
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.5Tiki Tikiwiki CMS/Groupware 1.9.5
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.3Tiki Tikiwiki CMS/Groupware 1.9.3
cpe:/a:tiki:tikiwiki_cms%2Fgroupware:1.9.8Tiki Tikiwiki CMS/Groupware 1.9.8

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2635
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2635
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200605-519
(官方数据源) CNNVD

- 其它链接及资源

http://secunia.com/advisories/20334
(VENDOR_ADVISORY)  SECUNIA  20334
http://www.vupen.com/english/advisories/2006/2024
(VENDOR_ADVISORY)  VUPEN  ADV-2006-2024
http://www.securityfocus.com/bid/18143
(UNKNOWN)  BID  18143
http://www.securityfocus.com/archive/1/archive/1/436432/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060608 Tikiwiki 1.9.3.2 security release
http://www.securityfocus.com/archive/1/archive/1/435127/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060525 Multiple XSS Vulnerabilities in Tikiwiki 1.9.x
http://www.osvdb.org/26062
(UNKNOWN)  OSVDB  26062
http://www.osvdb.org/26061
(UNKNOWN)  OSVDB  26061
http://www.osvdb.org/26060
(UNKNOWN)  OSVDB  26060
http://www.osvdb.org/26059
(UNKNOWN)  OSVDB  26059
http://www.osvdb.org/26058
(UNKNOWN)  OSVDB  26058
http://www.osvdb.org/26057
(UNKNOWN)  OSVDB  26057
http://www.osvdb.org/26056
(UNKNOWN)  OSVDB  26056
http://www.osvdb.org/26055
(UNKNOWN)  OSVDB  26055
http://www.osvdb.org/26054
(UNKNOWN)  OSVDB  26054
http://www.osvdb.org/26053
(UNKNOWN)  OSVDB  26053
http://www.osvdb.org/26052
(UNKNOWN)  OSVDB  26052
http://www.osvdb.org/26051
(UNKNOWN)  OSVDB  26051
http://www.osvdb.org/26050
(UNKNOWN)  OSVDB  26050
http://www.osvdb.org/26049
(UNKNOWN)  OSVDB  26049
http://www.osvdb.org/26048
(UNKNOWN)  OSVDB  26048
http://tikiwiki.org/tiki-read_article.php?articleId=131
(UNKNOWN)  CONFIRM  http://tikiwiki.org/tiki-read_article.php?articleId=131
http://securityreason.com/securityalert/976
(UNKNOWN)  SREASON  976

- 漏洞信息

TikiWiki 多个跨站脚本攻击漏洞
中危 跨站脚本
2006-05-30 00:00:00 2006-06-14 00:00:00
远程  
        Tikiwiki(又称 Tiki CMS/Groupware) 1.9.x中存在多个跨站脚本攻击(XSS)漏洞。 远程攻击者可以借助(a) tiki-lastchanges.php中的(1) offset 和(2) days 参数,(b) tiki-orphan_pages.php中的(3) find和(4) offset参数, (c) tiki-listpages.php中的(5) offset和(6) initial参数, 以及(d) tiki-remind_password.php中的(7)未明字段当中诸如"ipt>" 等畸形嵌套HTML标签,注入任意Web脚本或HTML;并且,可以使具有管理员权限的远程认证用户借助(e) tiki-admin.php中的(8) metatags操作中的未明字段, (f) tiki-admin_rssmodules.php中的(9) offset参数, (g) tiki-syslog.php中的(10) offset和(11)max参数, (h) tiki-adminusers.php中的(12) numrows参数, (i) tiki-adminusers.php中的(13)未明字段, (j) tiki-admin_hotwords.php中的(14) 未明字段, (k) tiki-admin_modules.php中的(15) "Assign new module"和(16) "Create new user module"中的未明字段, (l) tiki-admin_notifications.php中的(17) "Add notification" 中的未明字段, (m) tiki-admin_notifications.php中的(18) offset参数,(o) tiki-admin_dsn.php中的(19) Name和(20) Dsn 字段, (p) tiki-admin_content_templates.php中的(21) offset参数, (q) tiki-admin_content_templates.php中的(22) "Create new template"中的未明字段, 以及(r) tiki-admin_chat.php中的(23) offset参数,注入任意Web 脚本或HTML。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        TikiWiki Project TikiWiki 1.9 -rc2
        TikiWiki Project tikiwiki-1.9.3.2.tar.gz
        http://prdownloads.sourceforge.net/tikiwiki/tikiwiki-1.9.3.2.tar.gz?do
        wnload
        TikiWiki Project TikiWiki 1.9 -rc3
        TikiWiki Project tikiwiki-1.9.3.2.tar.gz
        http://prdownloads.sourceforge.net/tikiwiki/tikiwiki-1.9.3.2.tar.gz?do
        wnload
        TikiWiki Project TikiWiki 1.9 -rc3.1
        TikiWiki Project tikiwiki-1.9.3.2.tar.gz
        http://prdownloads.sourceforge.net/tikiwiki/tikiwiki-1.9.3.2.tar.gz?do
        wnload
        TikiWiki Project TikiWiki 1.9 -rc1
        TikiWiki Project tikiwiki-1.9.3.2.tar.gz
        http://prdownloads.sourceforge.net/tikiwiki/tikiwiki-1.9.3.2.tar.gz?do
        wnload
        TikiWiki Project tikiwiki-1.9.3.2.tar.gz
        http://prdownloads.sourceforge.net/tikiwiki/tikiwiki-1.9.3.2.tar.gz?do
        wnload
        TikiWiki Project TikiWiki 1.9.1 .1
        TikiWiki Project tikiwiki-1.9.3.2.tar.gz
        http://prdownloads.sourceforge.net/tikiwiki/tikiwiki-1.9.3.2.tar.gz?do
        wnload
        TikiWiki Project TikiWiki 1.9.2
        TikiWiki Project tikiwiki-1.9.3.2.tar.gz
        http://prdownloads.sourceforge.net/tikiwiki/tikiwiki-1.9.3.2.tar.gz?do
        wnload
        TikiWiki Project TikiWiki 1.9.3 1
        TikiWiki Project tikiwiki-1.9.3.2.tar.gz
        http://prdownloads.sourceforge.net/tikiwiki/tikiwiki-1.9.3.2.tar.gz?do
        wnload

- 漏洞信息

26048
TikiWiki tiki-lastchanges.php Multiple Parameter XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public Vendor Verified

- 漏洞描述

TikiWiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the \'offset\' or \'days\' variables upon submission to the tiki-lastchanges.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user\'s browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- 时间线

2006-05-25 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 1.9.3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站