Lucene search

[email protected]NVD:CVE-2016-9889

HistoryDec 23, 2016 - 5:59 a.m.

CVE-2016-9889

2016-12-2305:59:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

45.6%

JSON

Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don’t have the input sanitized, related to tiki-setup.php and article_image.php. The impact is XSS.

Affected configurations

Nvd

Node

tikitikiwiki_cms\/groupwareMatch12.0

tikitikiwiki_cms\/groupwareMatch12.1

tikitikiwiki_cms\/groupwareMatch12.2

tikitikiwiki_cms\/groupwareMatch12.3

tikitikiwiki_cms\/groupwareMatch12.4

tikitikiwiki_cms\/groupwareMatch12.5

tikitikiwiki_cms\/groupwareMatch12.6

tikitikiwiki_cms\/groupwareMatch12.7

tikitikiwiki_cms\/groupwareMatch12.8

tikitikiwiki_cms\/groupwareMatch12.9lts

tikitikiwiki_cms\/groupwareMatch15.0

tikitikiwiki_cms\/groupwareMatch15.1

tikitikiwiki_cms\/groupwareMatch15.2

tikitikiwiki_cms\/groupwareMatch16.0

VendorProductVersionCPE
tikitikiwiki_cms\/groupware12.0cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.0:*:*:*:*:*:*:*
tikitikiwiki_cms\/groupware12.1cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.1:*:*:*:*:*:*:*
tikitikiwiki_cms\/groupware12.2cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.2:*:*:*:*:*:*:*
tikitikiwiki_cms\/groupware12.3cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.3:*:*:*:*:*:*:*
tikitikiwiki_cms\/groupware12.4cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.4:*:*:*:*:*:*:*
tikitikiwiki_cms\/groupware12.5cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.5:*:*:*:*:*:*:*
tikitikiwiki_cms\/groupware12.6cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.6:*:*:*:*:*:*:*
tikitikiwiki_cms\/groupware12.7cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.7:*:*:*:*:*:*:*
tikitikiwiki_cms\/groupware12.8cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.8:*:*:*:*:*:*:*
tikitikiwiki_cms\/groupware12.9cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.9:*:lts:*:*:*:*:*

Vendor	Product	Version	CPE
tiki	tikiwiki_cms\/groupware	12.0	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.0:::::::*
tiki	tikiwiki_cms\/groupware	12.1	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.1:::::::*
tiki	tikiwiki_cms\/groupware	12.2	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.2:::::::*
tiki	tikiwiki_cms\/groupware	12.3	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.3:::::::*
tiki	tikiwiki_cms\/groupware	12.4	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.4:::::::*
tiki	tikiwiki_cms\/groupware	12.5	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.5:::::::*
tiki	tikiwiki_cms\/groupware	12.6	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.6:::::::*
tiki	tikiwiki_cms\/groupware	12.7	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.7:::::::*
tiki	tikiwiki_cms\/groupware	12.8	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.8:::::::*
tiki	tikiwiki_cms\/groupware	12.9	cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.9::lts:::::

Rows per page:

1-10 of 141

References

www.securityfocus.com/bid/95083

www.securitytracker.com/id/1037531

tiki.org/article443-Security-update-Tiki-16-1-Tiki-15-3-and-Tiki-12-10-released

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

45.6%

JSON

Related for NVD:CVE-2016-9889

prion1 cvelist1 cve1