CVE-2024-47918 - Vulnerability Details - OpenCVE

Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00122.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-42514	Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Fixes

Solution

Upgrade to version 28 or later

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.gov.il/en/Departments/faq/cve_advisories

History

Mon, 30 Dec 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 30 Dec 2024 10:00:00 +0000

Type	Values Removed	Values Added
Description		Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Title		Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Weaknesses		CWE-78
References		https://www.gov.il/en/Departments/faq/cve_advisories
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2024-12-30T09:41:53.284Z

Updated: 2024-12-30T16:16:34.788Z

Reserved: 2024-10-06T07:19:12.343Z

Link: CVE-2024-47918

Vulnrichment

Updated: 2024-12-30T16:16:28.440Z

NVD

Status : Received

Published: 2024-12-30T10:15:06.223

Modified: 2024-12-30T10:15:06.223

Link: CVE-2024-47918

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-78

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47918", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "state": "PUBLISHED", "assignerShortName": "INCD", "dateReserved": "2024-10-06T07:19:12.343Z", "datePublished": "2024-12-30T09:41:53.284Z", "dateUpdated": "2024-12-30T16:16:34.788Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CMS", "vendor": "Tiki Wiki", "versions": [{"lessThan": "version 28", "status": "affected", "version": "All versions", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Aviv Vinograzki - Peer Security LTD"}], "datePublic": "2024-12-30T09:38:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Tiki Wiki CMS \u2013 CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)</p>"}], "value": "Tiki Wiki CMS \u2013 CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2024-12-30T09:53:38.366Z"}, "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to version 28 or later</span></span><br>"}], "value": "Upgrade to version 28 or later"}], "source": {"advisory": "ILVN-2024-0211", "discovery": "UNKNOWN"}, "title": "Tiki Wiki CMS \u2013 CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-30T16:16:23.439453Z", "id": "CVE-2024-47918", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-30T16:16:34.788Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47918", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-30T16:16:23.439453Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-30T16:16:28.440Z"}}], "cna": {"title": "Tiki Wiki CMS \u2013 CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "source": {"advisory": "ILVN-2024-0211", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Aviv Vinograzki - Peer Security LTD"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Tiki Wiki", "product": "CMS", "versions": [{"status": "affected", "version": "All versions", "lessThan": "version 28", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 28 or later", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to version 28 or later</span></span><br>", "base64": false}]}], "datePublic": "2024-12-30T09:38:00.000Z", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Tiki Wiki CMS \u2013 CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "supportingMedia": [{"type": "text/html", "value": "<p>Tiki Wiki CMS \u2013 CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2024-12-30T09:53:38.366Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47918", "state": "PUBLISHED", "dateUpdated": "2024-12-30T16:16:34.788Z", "dateReserved": "2024-10-06T07:19:12.343Z", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "datePublished": "2024-12-30T09:41:53.284Z", "assignerShortName": "INCD"}, "dataVersion": "5.1"}