
Bug 190680

Summary: www-apps/tikiwiki-1.9.7 username param XSS (CVE-2007-4554)
Product: Gentoo Security
Reporter: Matt Fleming (RETIRED) <mjf>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/26618/
Whiteboard: C4 [noglsa]
Package list:
Runtime testing required: ---

Description Matt Fleming (RETIRED) gentoo-dev 2007-08-29 18:26:57 UTC
A vulnerability has been discovered in Tikiwiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "username" parameter in tiki-remind_password.php (when "remind" is set to "send me my password") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code (for example with meta refreshes to a javascript: URL) in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 1.9.7 with the BasicEnabled profile selected during installation. Other versions may also be affected.
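The flaw described above is the classic reflected-XSS pattern: a request parameter is copied into the HTML response without being encoded for the context it lands in. The following PHP snippet is an added illustration and is not TikiWiki's code; the function names, the form-handler shape and the sample input are all constructed for the example. It places the vulnerable pattern beside the hardened one (output encoding with `htmlspecialchars`, plus a tighter server-side username check as defence in depth).

```php
<?php
// Added example, not from tiki-remind_password.php. All names are hypothetical.
//
// Model of the "remind password" handler: the submitted username is reflected
// back into the confirmation page.

// Vulnerable pattern: the raw parameter is interpolated straight into HTML,
// so any markup characters in it are parsed by the browser as markup.
function render_vulnerable(string $username): string
{
    return "<p>A password reminder has been sent to user $username.</p>";
}

// Hardened pattern: encode for the HTML text context at the point of output.
// ENT_QUOTES also encodes single quotes, so the same value is safe inside an
// attribute quoted either way; ENT_SUBSTITUTE replaces invalid byte sequences
// instead of returning an empty string; the charset must match the page's.
function render_safe(string $username): string
{
    $escaped = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>A password reminder has been sent to user $escaped.</p>";
}

// Defence in depth: a username is not free text, so reject anything outside
// an allowed character set before it is used at all. The pattern here is a
// constructed policy, not TikiWiki's actual username rules.
function is_valid_username(string $username): bool
{
    return preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $username) === 1;
}

// Constructed request value containing quotes and angle brackets: not an
// attack string, just input that must never reach the browser unencoded.
$submitted = $_POST['username'] ?? '"Mallory" <mallory@example.org>';

if (!is_valid_username($submitted)) {
    // Even the rejection message must be encoded, or it becomes the sink.
    echo '<p>Invalid username: ',
         htmlspecialchars($submitted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
         '</p>', PHP_EOL;
}

// Side by side for comparison: the first line emits the angle brackets
// verbatim, the second emits them as character references.
echo render_vulnerable($submitted), PHP_EOL;
echo render_safe($submitted), PHP_EOL;
```

Run it from the command line with `php example.php` to compare the two rendered lines, or behind a web server to see the browser parse the first and display the second as text. The important design point is that encoding happens at the output sink and is chosen for the output context (HTML text here); input validation alone is not sufficient because a value that is legitimate in one context can still be dangerous in another.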
Comment 1 Matt Fleming (RETIRED) gentoo-dev 2007-08-29 18:28:18 UTC
CC'ing herd and setting whiteboard status.
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-08-30 08:03:21 UTC
*** Bug 190097 has been marked as a duplicate of this bug. ***
Comment 3 Gunnar Wrobel (RETIRED) gentoo-dev 2007-09-15 13:30:47 UTC
Tikiwiki-1.9.8 is in the tree. 

1.9.6 was marked stable on ppc.

Target archs:

ppc
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2007-09-15 13:35:52 UTC
Changing whiteboard to stable and proposing C4 as severity level, also reference to CVE.
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2007-09-17 17:21:28 UTC
ppc stable
Comment 6 Gunnar Wrobel (RETIRED) gentoo-dev 2007-09-17 17:48:16 UTC
thanks tobias! removed insecure versions from the tree. web-apps is done here.
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2007-09-17 20:50:27 UTC
A GLSA is not needed here, closing.