PT-2007-1329 · Wikkawiki · Wikkawiki
Published: 2007-02-24 · Updated: 2017-07-29 · CVE-2006-7050
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
WikkaWiki versions prior to 1.1.6.2
Description
The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary JavaScript code. Injection is possible via events in forced links, which are not properly handled in the formatters/wakka.php file. Other potential vectors for this issue are in the wikka.php file.
Recommendations
For versions prior to 1.1.6.2, update to version 1.1.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the formatters/wakka.php and wikka.php files until the update is applied. Avoid using the url parameter in forced links until the issue is resolved.
Affected Products
Wikkawiki