INFOSERVE-ADV2011-01 - Tiki Wiki CMS Groupware Multiple XSS vulnerabilities
Advisory:
|
Tiki Wiki CMS Groupware Multiple XSS vulnerabilities
|
Advisory ID:
|
INFOSERVE-ADV2011-01
|
Author:
|
Stefan Schurtz
|
Contact:
|
|
Affected Software:
|
Successfully tested on Tiki 7.2 & 8.0 RC1
|
Vendor URL:
|
|
Vendor Status:
|
fixed for Tiki 7 (New Tiki 6 LTS release in progress)
|
CVE-ID:
|
CVE-2011-4454, CVE-2011-4455
|
======================
Vulnerability Description
======================
Vulnerability Description
======================
All versions of Tiki 6 and Tiki 7 and version Tiki 8.0RC1 are prone to multiple XSS vulnerabilities