oss-sec mailing list archives
Re: CVE request: < tikiwiki 2.3: XSS
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 31 Mar 2009 21:13:00 -0400 (EDT)
======================================================
Name: CVE-2009-1204
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1204
Reference: BUGTRAQ:20090312 TikiWiki 2.2 XSS Vulnerability in URI
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/501702/100/0/threaded
Reference: CONFIRM:http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=2359&trackerId=5&show=view&reloff=3&cant=1229&status=o&trackerId=5&sort_mode=created_desc
Reference: CONFIRM:http://info.tikiwiki.org/tiki-read_article.php?articleId=51
Reference: CONFIRM:http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup
Reference: BID:34105
Reference: URL:http://www.securityfocus.com/bid/34105
Reference: BID:34106
Reference: URL:http://www.securityfocus.com/bid/34106
Reference: BID:34107
Reference: URL:http://www.securityfocus.com/bid/34107
Reference: BID:34108
Reference: URL:http://www.securityfocus.com/bid/34108
Reference: SECUNIA:34273
Reference: URL:http://secunia.com/advisories/34273

Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki)
CMS/Groupware 2.2 allows remote attackers to inject arbitrary web
script or HTML via the PHP_SELF portion of a URI to (1)
tiki-galleries.php, (2) tiki-list_file_gallery.php, (3)
tiki-listpages.php, and (4) tiki-orphan_pages.php.