Bug 381111 - www-apps/tikiwiki: Cross-site Scripting Vulnerability
Summary: www-apps/tikiwiki: Cross-site Scripting Vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://info.tiki.org/article172-Tiki-...
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks: CVE-2010-1133
Reported: 2011-08-30 05:36 UTC by Tim Sammut (RETIRED)
Modified: 2012-02-13 19:33 UTC

See Also:
Package list:
Runtime testing required: ---


Description Tim Sammut (RETIRED) gentoo-dev 2011-08-30 05:36:14 UTC
From the upstream release note at $URL:

The Tiki Software Community Association is proud to announce the immediate availability of Tiki 6.4 LTS and 7.1. Version 6 is the Long Term Support (LTS) version of Tiki Wiki CMS Groupware. Tiki 6.4 includes more than 200 fixes and enhancements contributed by the Tiki Community. These releases include several fixes, including a security issue posing a medium risk discovered by High-Tech Bridge SA Security Research Lab which can be exploited to perform cross-site scripting attacks. The Tiki community thanks High-Tech Bridge for reporting this issue and recommends all Tiki administrators to upgrade their sites to these latest versions.
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-12-10 01:22:55 UTC
Another XSS vulnerability in tikiwiki: CVE-2011-4336

https://secunia.com/advisories/45256/
http://www.htbridge.ch/advisory/xss_in_tiki_wiki_cms_groupware.html

@web-apps, ping? Thanks!
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2012-02-13 19:33:29 UTC
Package was removed.