TikiWiki Multiple Cross-Site Scripting Vulnerabilities
BID:18143
CVE-2006-2635
| Bugtraq ID: | 18143 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 29 2006 12:00AM |
| Updated: | Jun 08 2006 08:31PM |
| Credit: | Blwood is credited with the discovery of these vulnerabilities. |
| Vulnerable: | TikiWiki Project TikiWiki 1.9.3 1; TikiWiki Project TikiWiki 1.9.2; TikiWiki Project TikiWiki 1.9.1 .1; TikiWiki Project TikiWiki 1.9.1; TikiWiki Project TikiWiki 1.9 -rc3.1; TikiWiki Project TikiWiki 1.9 -rc3; TikiWiki Project TikiWiki 1.9 -rc2; TikiWiki Project TikiWiki 1.9 -rc1 |
| Not Vulnerable: | TikiWiki Project TikiWiki 1.9.3.2 |
Discussion
TikiWiki is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
These issues can be exploited through a web client.
The following proof-of-concept URI is available:
Solution / Fix
Solution:
The vendor has released version 1.9.3.2 to address this issue.
Fix for all affected versions (TikiWiki Project TikiWiki 1.9 -rc1, 1.9 -rc2, 1.9 -rc3, 1.9 -rc3.1, 1.9.1, 1.9.1 .1, 1.9.2, 1.9.3 1):
- TikiWiki Project tikiwiki-1.9.3.2.tar.gz
  http://prdownloads.sourceforge.net/tikiwiki/tikiwiki-1.9.3.2.tar.gz?download
References
References:
- Tikiwiki 1.9.3.2 security release (TikiWiki)
- TikiWiki Homepage (TikiWiki Project)