Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 264570 - <www-apps/tikiwiki-2.3 Cross-Site Scripting (CVE-2009-1204)
Summary: <www-apps/tikiwiki-2.3 Cross-Site Scripting (CVE-2009-1204)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://info.tikiwiki.org/tiki-read_ar...
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks: 262280
  Show dependency tree
 
Reported: 2009-04-01 23:37 UTC by Robert Buchholz (RETIRED)
Modified: 2009-06-26 08:50 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2009-04-01 23:37:22 UTC 
CVE-2009-1204 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1204):
  Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki)
  CMS/Groupware 2.2 allows remote attackers to inject arbitrary web
  script or HTML via the PHP_SELF portion of a URI to (1)
  tiki-galleries.php, (2) tiki-list_file_gallery.php, (3)
  tiki-listpages.php, and (4) tiki-orphan_pages.php.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-06-11 19:12:38 UTC 
Arches, please test and mark stable:
=www-apps/tikiwiki-2.4
Target keywords : "ppc"
Comment 2 Brent Baude (RETIRED) gentoo-dev 2009-06-21 14:04:24 UTC 
ppc done
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-06-26 08:50:50 UTC 
XSS in webapps -> noglsa, closing.