oss-sec mailing list archives

Stored XSS vulnerabilities in Tiki <= 18.1

From: chbi () chbi eu
Date: Thu, 2 Aug 2018 19:45:38 +0200

Hi,

I've discovered four security issues in Tiki <= 18.1 (https://tiki.org)


Four stored XSS vulnerabilities allow an authenticated user injecting
JavaScript to gain administrator privileges if an administrator opens a
wiki page and moves the mouse pointer over a modified link or thumb image.


The issues are fixed in Tiki 18.2 and the fixes are backported to 12.14
and 15.7.

Fixes:
https://sourceforge.net/p/tikiwiki/code/66809
https://sourceforge.net/p/tikiwiki/code/66990


Timeline:
2018-06-15: Issues discovered and reported
2018-06-25: 3 of 4 issues fixed
2018-07-12: All 4 issues confirmed
2018-07-20: 4 of 4 issues fixed
2018-07-31: Tiki 18.2, 15.7 and 12.14 released


I've requested a CVE ID (MITRE).

-- 
chbi
https://chbi.eu

GPG: 3DE9 9187 4BE9 EAE6 3CA8  DC20 BA7B 93F9 9037 AE7E
     https://chbi.eu/chbi.asc

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

Stored XSS vulnerabilities in Tiki <= 18.1 chbi (Aug 02)
- Re: Stored XSS vulnerabilities in Tiki <= 18.1 chbi (Aug 02)