
CVE-2019-15314

a guest Aug 22nd, 2019 451 Never
CVE-2019-15314

> [Description]
> tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to
> upload JavaScript code that is executed upon visiting a
> tiki/tiki-download_file.php?display&fileId= URI.
>
> ------------------------------------------
>
> [Additional Information]
> File upload and JavaScript code injection.
> http://127.0.0.1/tiki/tiki-upload_file.php
>
> The TikiWiki CMS application allows you to upload a JavaScript file in the "File Upload" module.
> When viewing the uploaded file, the JavaScript code runs in the client browser.
>
> The injected JavaScript code is stored by the application and executed every time someone views it.
> ["Browser display (Raw / Download)"]
> http://127.0.0.1/tiki/tiki-download_file.php?fileId=17&display
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> https://tiki.org/HomePage
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Tiki Wiki CMS - 18.4
>
> ------------------------------------------
>
> [Affected Component]
> Affected component: tiki-upload_file.php
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Client side JavaScript code injection.
>
> ------------------------------------------
>
> [Reference]
> https://tiki.org/HomePage

Use CVE-2019-15314.
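
The report above describes an uploaded file running script when it is opened through an inline "display" URL. As an added example (not part of the paste and not Tiki's code or its fix), the sketch below shows a response-header policy for such a download endpoint and an audit check for captured headers; the function names and the allowlist are assumptions.

```python
from urllib.parse import quote

# Assumed allowlist: types a browser renders without running script.
INLINE_SAFE = {"image/png", "image/jpeg", "image/gif", "text/plain"}
# Types a browser treats as a document that can carry script.
ACTIVE = {"text/html", "application/xhtml+xml", "image/svg+xml",
          "text/xml", "application/xml"}


def download_headers(filename, stored_mime, display=False):
    """Headers for serving an uploaded file (hypothetical helper)."""
    mime = stored_mime.split(";")[0].strip().lower()
    inline = display and mime in INLINE_SAFE
    if not inline:
        # HTML, SVG, JavaScript and unknown types are never rendered inline.
        mime = "application/octet-stream"
    disposition = "inline" if inline else "attachment"
    return {
        "Content-Type": mime,
        "Content-Disposition":
            f"{disposition}; filename*=UTF-8''{quote(filename, safe='')}",
        "X-Content-Type-Options": "nosniff",   # no MIME sniffing
        "Content-Security-Policy": "sandbox",  # scripts off if rendered
    }


def can_run_script(headers):
    """Audit check: could this response run script in the site's origin?"""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    if h.get("content-disposition", "").startswith("attachment"):
        return False
    for directive in h.get("content-security-policy", "").split(";"):
        tokens = directive.split()
        if tokens and tokens[0] == "sandbox" and "allow-scripts" not in tokens:
            return False
    mime = h.get("content-type", "").split(";")[0].strip()
    # Conservative: a sniffable response is flagged even if its type is passive.
    return mime in ACTIVE or h.get("x-content-type-options") != "nosniff"


if __name__ == "__main__":
    # Constructed sample: an HTML upload requested in display mode.
    for name, value in download_headers("note.html", "text/html", True).items():
        print(f"{name}: {value}")
```
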