CyberSec.Space Logo
返回 CVE 浏览器

CVE-2006-7050

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1410%
EPSS Percentile14.62th
Published2007年2月24日
Last Modified2026年4月23日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php.

Affected Platforms (CPE)

📦
Wikkawiki

Wikkawiki

<= 1.1.6.1

References & Advisories

🔗 http://secunia.com/advisories/20628
🔗 http://wikkawiki.org/WikkaReleaseNotes
🔗 http://wush.net/trac/wikka/changeset/47
🔗 http://wush.net/trac/wikka/ticket/142
🔗 http://www.securityfocus.com/bid/18481
🔗 http://www.vupen.com/english/advisories/2006/2381
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/27227
🔗 http://secunia.com/advisories/20628

相关漏洞威胁

CVE-2007-26138.3

WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitr...

CVE-2007-26127.5

SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute ar...

CVE-2006-70497.5

The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, w...

CVE-2011-44487.5

SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execu...