source: https://www.securityfocus.com/bid/51128/info
Tiki Wiki CMS Groupware is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
Tested with Firefox 7.01
Visit this URL
http://www.example.com/tiki-8.1/tiki-cookie-jar.php?show_errors=y&xss= -> blank site
But when you visit one of this pages, the XSS will be executed
http://www.example.com/tiki-8.1/tiki-login.php
http://www.example.com/tiki-8.1/tiki-remind_password.php
// browser source code
show_errors: 'y',
xss: ''
};
Another example:
http://www.example.com/tiki-8.1/tiki-cookie-jar.php?show_errors=y&xss1=
http://www.example.com/tiki-8.1/tiki-cookie-jar.php?show_errors=y&xss2=
http://www.example.com/tiki-8.1/tiki-cookie-jar.php?show_errors=y&xss3=
All of them will be executed!
// browser source code
show_errors: 'y',
xss1: '',
xss2: '',
xss3: ''
};