CVE-2006-7050

medium

Description

Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27227

http://www.vupen.com/english/advisories/2006/2381

http://www.securityfocus.com/bid/18481

http://wush.net/trac/wikka/ticket/142

http://wush.net/trac/wikka/changeset/47

http://wikkawiki.org/WikkaReleaseNotes

http://secunia.com/advisories/20628

Details

Source: Mitre, NVD

Published: 2007-02-24

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00973