Date: Tue, 31 Mar 2009 21:13:00 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: Steven Christey <coley@...us.mitre.org>
Subject: Re: CVE request: < tikiwiki 2.3: XSS


======================================================
Name: CVE-2009-1204
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1204
Reference: BUGTRAQ:20090312 TikiWiki 2.2 XSS Vulnerability in URI
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/501702/100/0/threaded
Reference: CONFIRM:http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=2359&trackerId=5&show=view&reloff=3&cant=1229&status=o&trackerId=5&sort_mode=created_desc
Reference: CONFIRM:http://info.tikiwiki.org/tiki-read_article.php?articleId=51
Reference: CONFIRM:http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txt?view=markup
Reference: BID:34105
Reference: URL:http://www.securityfocus.com/bid/34105
Reference: BID:34106
Reference: URL:http://www.securityfocus.com/bid/34106
Reference: BID:34107
Reference: URL:http://www.securityfocus.com/bid/34107
Reference: BID:34108
Reference: URL:http://www.securityfocus.com/bid/34108
Reference: SECUNIA:34273
Reference: URL:http://secunia.com/advisories/34273

Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki)
CMS/Groupware 2.2 allows remote attackers to inject arbitrary web
script or HTML via the PHP_SELF portion of a URI to (1)
tiki-galleries.php, (2) tiki-list_file_gallery.php, (3)
tiki-listpages.php, and (4) tiki-orphan_pages.php.
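The description above names the PHP_SELF class of reflected XSS. The following is an added illustration of that class, not TikiWiki's code and not taken from the message: PHP_SELF is SCRIPT_NAME plus PATH_INFO, so when a script echoes it into a form action unescaped, anything an attacker appends after the script name in the request path (assumed here to be mapped to PATH_INFO by the web server, as Apache does for .php handlers) lands inside the HTML. The request values below are constructed stand-ins for a real request.

```php
<?php
// Constructed stand-in for a request to
//   /tiki-galleries.php/%22%3E%3Cscript%3Ealert(1)%3C/script%3E
// In a real request PHP fills these in; here they are set by hand so the
// script runs from the command line. The script name is used only as an
// example path, not as a claim about TikiWiki's source.
$_SERVER['SCRIPT_NAME'] = '/tiki-galleries.php';
$_SERVER['PATH_INFO']   = '/"><script>alert(1)</script>';
$_SERVER['PHP_SELF']    = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];

// Vulnerable pattern: the request path is reflected into an attribute value
// with no escaping. The quote in PATH_INFO closes the attribute and the rest
// of the attacker's text becomes markup.
function vulnerable_form(): string
{
    return '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
}

// Hardened pattern 1: HTML-escape the reflected value. ENT_QUOTES is required
// because the value sits inside a double-quoted attribute; ENT_SUBSTITUTE
// keeps malformed UTF-8 from making htmlspecialchars() return an empty string.
function escaped_form(): string
{
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

// Hardened pattern 2: do not reflect the request path at all. SCRIPT_NAME is
// the server-resolved script path without PATH_INFO. Escaping it anyway costs
// nothing and covers any other way the value could be influenced.
function script_name_form(): string
{
    $self = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

echo vulnerable_form(), "\n";
echo escaped_form(), "\n";
echo script_name_form(), "\n";
```

Run it with `php` on the command line: the first line printed has its action attribute terminated early and a script element following it, which is the injection; the second carries the same path with the quote and angle brackets as entities, so it stays an attribute value; the third contains only the script path. When auditing a PHP application for this class, grep for `PHP_SELF`, `REQUEST_URI` and `PATH_INFO` reaching output and check each for an escaping call appropriate to the HTML context it lands in.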

