Some vulnerabilities have been reported in TikiWiki, where some have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks.
1) Input passed into the "movies" parameter in tiki-listmovies.php is not properly sanitised before being used, which can be exploited to conduct directory traversal attacks.
2) Input passed to the "area_name" parameter in tiki-special_chars.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) Certain unspecified vulnerabilities exist in tiki-edit_css.php, tiki-list_games.php, and tiki-g-admin_shared_source.php. More information is currently not available.
Update to version 1.9.9.
Web-apps, please bump.
Could someone please add "CVE-2007-6526" to the topic?
I don't have the permissions I need to do that.
Same for CVE-2007-6528 and CVE-2007-6529.
1.9.9 is in the tree.
This is a vote. I'd go for a YES because of the directory traversal which allows arbitrary file read.
Voting YES and filing.
Removed insecure version. webapps done.
GLSA 200801-10, thanks everyone