oss-sec mailing list archives

Re: CVE request: < tikiwiki 2.3: XSS


From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 31 Mar 2009 21:13:00 -0400 (EDT)


======================================================
Name: CVE-2009-1204
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1204
Reference: BUGTRAQ:20090312 TikiWiki 2.2 XSS Vulnerability in URI
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/501702/100/0/threaded
Reference: CONFIRM:http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=2359&trackerId=5&show=view&reloff=3&cant=1229&status=o&trackerId=5&sort_mode=created_desc
Reference: CONFIRM:http://info.tikiwiki.org/tiki-read_article.php?articleId=51
Reference: CONFIRM:http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup
Reference: BID:34105
Reference: URL:http://www.securityfocus.com/bid/34105
Reference: BID:34106
Reference: URL:http://www.securityfocus.com/bid/34106
Reference: BID:34107
Reference: URL:http://www.securityfocus.com/bid/34107
Reference: BID:34108
Reference: URL:http://www.securityfocus.com/bid/34108
Reference: SECUNIA:34273
Reference: URL:http://secunia.com/advisories/34273

Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki)
CMS/Groupware 2.2 allows remote attackers to inject arbitrary web
script or HTML via the PHP_SELF portion of a URI to (1)
tiki-galleries.php, (2) tiki-list_file_gallery.php, (3)
tiki-listpages.php, and (4) tiki-orphan_pages.php.


