Launchpad CVE tracker

CVE 2007-6526

Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.

Related bugs and status

CVE-2007-6526 (Candidate) is related to these bugs:

Bug #180702: Multiple vulnerabilities allow XSS and reading of arbitrary files

		In	Importance	Status
180702	Multiple vulnerabilities allow XSS and reading of arbitrary files	tikiwiki (Ubuntu)	Undecided	Invalid
180702	Multiple vulnerabilities allow XSS and reading of arbitrary files	tikiwiki (Ubuntu Feisty)	High	Fix Released
180702	Multiple vulnerabilities allow XSS and reading of arbitrary files	tikiwiki (Ubuntu Gutsy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.h-labs.org/...
CONFIRM: http://tikiwiki.org/Re...
BID: 27004
SECUNIA: 28225
SREASON: 3483
GENTOO: GLSA-200801-10
SECUNIA: 28602
OSVDB: 41179
BUGTRAQ: 20071224 Tikiwiki 1.9....

Launchpad.net

CVE 2007-6526

Related bugs and status

Related bugs

References