Secunia Security Advisory - Blwood has discovered some vulnerabilities in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
TITLE:
TikiWiki Multiple Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID:
SA20334
VERIFY ADVISORY:
http://secunia.com/advisories/20334/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
TikiWiki 1.x
http://secunia.com/product/3356/
DESCRIPTION:
Blwood has discovered some vulnerabilities in TikiWiki, which can be
exploited by malicious people to conduct cross-site scripting
attacks.
Input passed to the "days" and "offset" parameters in
tiki-lastchanges.php, the "find" parameter in tiki-orphan_pages.php,
the "offset" and "initial" parameters in tiki-listpages.php, the "username"
parameter in tiki-remind_password.php, the "offset" parameter in
tiki-admin_rssmodules.php, tiki-syslog.php,
tiki-admin_notifications.php, tiki-admin_content_templates.php and
tiki-admin_chat.php, and the "numrows" parameter in
tiki-adminusers.php is not properly sanitised before being returned
to the user. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in the context of an affected
site.
Example:
http://[host]/tiki/tiki-lastchanges.php?days="><scr<script>ipt>[code]</scr</script>ipt>>
The vulnerabilities have been confirmed in version 1.9.3.1. Other
versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
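The advisory's example URL is built so that a filter which strips "<script>" tags once re-assembles a live tag from the fragments, whereas encoding the value for its HTML context neutralises it. The following Python model is an added illustration of that difference, not TikiWiki's PHP code; the function names and the example.invalid host are constructed, and "[code]" is kept as the advisory's own placeholder:

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed request mirroring the advisory's example (host is a placeholder).
SAMPLE_URL = ('http://example.invalid/tiki/tiki-lastchanges.php'
              '?days="><scr<script>ipt>[code]</scr</script>ipt>>')

SCRIPT_TAG = re.compile(r'</?script>', re.IGNORECASE)


def days_param(url: str) -> str:
    """Extract the raw 'days' query parameter exactly as the page would see it."""
    return parse_qs(urlsplit(url).query)['days'][0]


def strip_script_once(value: str) -> str:
    """Weak sanitiser: deletes <script>/</script> tags in one non-overlapping pass.
    Removing the inner tags of the advisory's payload leaves an outer one behind."""
    return SCRIPT_TAG.sub('', value)


def encode_for_html(value: str) -> str:
    """Correct fix: encode <, >, &, " and ' so the value can only be text."""
    return html.escape(value, quote=True)


def render_days_field(days: str, sanitise) -> str:
    """Model of a page echoing 'days' into an input value attribute (hypothetical)."""
    return f'<input type="text" name="days" value="{sanitise(days)}">'


def is_script_injected(fragment: str) -> bool:
    """Detection check for responses: does the markup contain a live script element?"""
    return '<script>' in fragment.lower()


if __name__ == '__main__':
    raw = days_param(SAMPLE_URL)
    for name, fn in (('strip-once filter', strip_script_once),
                     ('HTML encoding', encode_for_html)):
        out = render_days_field(raw, fn)
        print(f'{name}: injected={is_script_injected(out)}  {out}')
```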
PROVIDED AND/OR DISCOVERED BY:
Blwood
----------------------------------------------------------------------
About:
This advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------