Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 212227 (CVE-2008-1047) - www-apps/tikiwiki < 1.9.10.1 Cross-Site Scripting Vulnerability (CVE-2008-1047)
Summary: www-apps/tikiwiki < 1.9.10.1 Cross-Site Scripting Vulnerability (CVE-2008-1047)
Status: RESOLVED FIXED
Alias: CVE-2008-1047
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa]
Keywords: STABLEREQ
Depends on:
Blocks:
 
Reported: 2008-03-03 20:50 UTC by Hanno Böck
Modified: 2008-03-15 16:24 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2008-03-03 20:50:57 UTC 
CVE-2008-1047:
Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Beside, the bundled smarty lib may be affected (see #212147 ), that's unfixed till  latest version.
Comment 1 Benedikt Böhm (RETIRED) gentoo-dev 2008-03-03 21:36:02 UTC 
www-apps/tikiwiki-1.9.10.1 in cvs, only ppc has a stable version
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-03-04 10:57:39 UTC 
Does it also fix the issue in the smarty copy?
Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev 2008-03-04 20:57:34 UTC 
ppc stable
Comment 4 Peter Volkov (RETIRED) gentoo-dev 2008-03-05 06:52:45 UTC 
Fixed in release snapshot.
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2008-03-15 14:45:21 UTC 
(In reply to comment #2)
> Does it also fix the issue in the smarty copy?

No, bug 213320.
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-03-15 14:46:19 UTC 
This is a vote, I vote NO.
Comment 7 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-03-15 16:24:26 UTC 
NO too, and closing.