Published:2013/11/05  Last Updated:2013/11/05

JVN#81813850
Tiki Wiki CMS Groupware vulnerable to cross-site scripting

Overview

Tiki Wiki CMS Groupware (Tiki) contains a cross-site scripting vulnerability.

Products Affected

  • Tiki versions prior to 11.1
  • Tiki versions prior to 10.4
  • Tiki versions prior to 9.7LTS
  • Tiki versions prior to 6.13LTS

Description

Tiki Wiki CMS Groupware (Tiki) is a content management system (CMS). Tiki contains a cross-site scripting vulnerability.

Impact

An arbitrary script may be executed on the web browser of an user who is logged in.

Solution

Apply an Update
Apply the appropriate update for the version of the software being used.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2013-4714
JVN iPedia JVNDB-2013-000099