Back to CVE Browser

CVE-2006-7050

MEDIUM

6.8

CVSS Severity Score

EPSS Score0.1410%

EPSS Percentile14.62th

PublishedFeb 24, 2007

Last ModifiedApr 23, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php.

Affected Platforms (CPE)

📦

Wikkawiki

Wikkawiki

<= 1.1.6.1

References & Advisories

🔗 http://secunia.com/advisories/20628

🔗 http://wikkawiki.org/WikkaReleaseNotes

🔗 http://wush.net/trac/wikka/changeset/47

🔗 http://wush.net/trac/wikka/ticket/142

🔗 http://www.securityfocus.com/bid/18481

🔗 http://www.vupen.com/english/advisories/2006/2381

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/27227

🔗 http://secunia.com/advisories/20628

Related Vulnerabilities

CVE-2007-26138.3

WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitr...

CVE-2007-26127.5

SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute ar...

CVE-2006-70497.5

The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, w...

CVE-2011-44487.5

SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execu...