Bug 212227 (CVE-2008-1047)

Summary:	www-apps/tikiwiki < 1.9.10.1 Cross-Site Scripting Vulnerability (CVE-2008-1047)
Product:	Gentoo Security	Reporter:	Hanno Böck <hanno>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	web-apps
Priority:	High	Keywords:	STABLEREQ
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B4 [noglsa]
Package list:		Runtime testing required:	---

Description Hanno Böck gentoo-dev

2008-03-03 20:50:57 UTC

CVE-2008-1047:
Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Beside, the bundled smarty lib may be affected (see #212147 ), that's unfixed till  latest version.

Comment 1 Benedikt Böhm (RETIRED) gentoo-dev

2008-03-03 21:36:02 UTC

www-apps/tikiwiki-1.9.10.1 in cvs, only ppc has a stable version

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2008-03-04 10:57:39 UTC

Does it also fix the issue in the smarty copy?

Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev

2008-03-04 20:57:34 UTC

ppc stable

Comment 4 Peter Volkov (RETIRED) gentoo-dev

2008-03-05 06:52:45 UTC

Fixed in release snapshot.

Comment 5 Robert Buchholz (RETIRED) gentoo-dev

2008-03-15 14:45:21 UTC

(In reply to comment #2)
> Does it also fix the issue in the smarty copy?

No, bug 213320.

Comment 6 Robert Buchholz (RETIRED) gentoo-dev

2008-03-15 14:46:19 UTC

This is a vote, I vote NO.

Comment 7 Pierre-Yves Rofes (RETIRED) gentoo-dev

2008-03-15 16:24:26 UTC

NO too, and closing.