| Summary: | www-apps/tikiwiki XSS vulnerability | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Michael Davey <gentoo> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | web-apps |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B4 [glsa] jaervosz | | |
| Package list: | | Runtime testing required: | --- |

Description
Michael Davey
2005-10-19 14:35:46 UTC
<http://tikiwiki.org/art118> for more information

<http://tikiwiki.org/Download> for files download

Reassigning to webapps team. Please email security@tikiwiki.org if you need further security information.

Cheers,
--
Michael
a TikiWiki developer

URL removed.

Information from changelog:

Version 1.9.1.1

* [FIX] Fixed an XSS-vulnerability
* [MOD] Improved Tiki Security Admin
* [FIX] tweaks to fixperms.sh, /img/tracker included

www-apps please bump.

Bumped. Apologies for the delay, had to sort out my PHP installation.

ppc: please test and mark stable

Stable on ppc.

Ready for GLSA vote

When running a wiki, one should be aware that they tend to be a bit insecure, and since this is only an XSS, I'd say no.

I vote yes for XSS issues on internet-facing websites, and wikis are.

I would agree with DerCorny, voting NO.

I vote YES, we did several previous GLSAs on these types of issues with these types of web apps or similar (webmail, groupware).

Let the vote continue :-)

Beh, everyone active voted. Let's say two yes win over two no's :)

GLSA 200510-23