JVN#81813850: Tiki Wiki CMS Groupware vulnerable to cross-site scripting

Overview

Tiki Wiki CMS Groupware (Tiki) contains a cross-site scripting vulnerability.

Products Affected

Tiki versions prior to 11.1
Tiki versions prior to 10.4
Tiki versions prior to 9.7LTS
Tiki versions prior to 6.13LTS

Description

Tiki Wiki CMS Groupware (Tiki) is a content management system (CMS). Tiki contains a cross-site scripting vulnerability.

Impact

An arbitrary script may be executed on the web browser of an user who is logged in.

Solution

Apply an Update
Apply the appropriate update for the version of the software being used.

Vendor Status

Vendor	Link
Tiki	New Versions of all supported versions of Tiki Wiki CMS-Groupware
	Tiki Download

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE	CVE-2013-4714
JVN iPedia	JVNDB-2013-000099

JVN#81813850 Tiki Wiki CMS Groupware vulnerable to cross-site scripting