id: tikiwiki-xss info: name: Tiki Wiki CMS Groupware v25.0 - Cross Site Scripting author: arafatansari severity: medium description: | Tiki Wiki CMS Groupware version 25.0 suffers from a cross site scripting vulnerability. reference: - https://packetstormsecurity.com/files/170446/Tiki-Wiki-CMS-Groupware-25.0-Cross-Site-Scripting.html metadata: verified: true max-request: 2 shodan-query: http.html:"tiki wiki" product: tikiwiki_cms\/groupware vendor: tiki fofa-query: body="tiki wiki" tags: edb,xss,tikiwiki,packetstorm,acketstorm http: - method: GET path: - "{{BaseURL}}/tiki/tiki-ajax_services.php?controller=comment&action=list&type=wiki+page&objectId=" - "{{BaseURL}}/tiki-ajax_services.php?controller=comment&action=list&type=wiki+page&objectId=" stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - '' - 'Tiki Wiki CMS' condition: and - type: word part: header words: - "text/html" - type: status status: - 403 # digest: 490a00463044022030839e43c9c95dfb0b9770f0288ee20c812b41f6be9002f10e96a9158130cc92022028805a1290dd28c8350d81b74718261cad32c903d0cb71f026770f8bed361037:922c64590222798bb761d5b6d8e72950