[pkg-tikiwiki-devel] Bug#384796: CVE-2006-4299: Cross-site
scripting (XSS) vulnerability in tikiwiki
Stefan Fritsch
sf at sfritsch.de
Sat Aug 26 19:36:11 UTC 2006
Package: tikiwiki
Severity: important
Tags: security
>From CVE-2006-4299:
Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in
TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script
or HTML via the highlight parameter.
See http://secunia.com/advisories/21536 for details.
Please mention the CVE-id in the changelog.
More information about the pkg-tikiwiki-devel
mailing list