Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17884
HistoryAug 25, 2007 - 12:00 a.m.

Tikiwiki 1.9.7 HTML/embed object injection

2007-08-2500:00:00
vulners.com
50
JSON

Tikiwiki
Version: 1.9.7

Example Address
http://example.com/tiki-remind_password.php

Overview:
The following codes can be added to the HTML password page by placing the HTML codes in the user name input box and hitting the "send me my password" button.

Examples:
1.<br><br><b><u>XSS</u></b>
2.<EMBED SRC="http://site.com/xss.swf&quot;
3.<html><fontcolor="Red"><b>Pwned</b></font></html>

JSON