This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Secunia reports :

Thomas Pollet has discovered a vulnerability in TikiWiki, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the 'highlight' parameter in tiki-searchindex.php is
not properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

rgod has discovered a vulnerability in TikiWiki, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the 'jhot.php' script not correctly
verifying uploaded files. This can e.g. be exploited to execute
arbitrary PHP code by uploading a malicious PHP script to the
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.8
Public Exploit Available : true
Family: FreeBSD Local Security Checks
Nessus Plugin ID: 22490 (freebsd_pkg_e4c62abd506511dba5ae00508d6a62df.nasl)