Vulnerability Details CVE-2012-5321
tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.266
EPSS Ranking 96.2%
CVSS Severity
CVSS v2 Score 5.8
References
- http://osvdb.org/79409
- http://secunia.com/advisories/48102
- http://st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html
- http://www.securityfocus.com/bid/52079
- http://www.securitytracker.com/id?1026708
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73403
- http://osvdb.org/79409
- http://secunia.com/advisories/48102
- http://st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html
- http://www.securityfocus.com/bid/52079
- http://www.securitytracker.com/id?1026708
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73403
Products affected by CVE-2012-5321
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:8.3