TikiWiki Multiple Vulnerabilities

Posted on Monday, December 24, 2007 @ 10:47:56 CST in Security
by Raven

SECUNIA ADVISORY ID: SA28225

VERIFY ADVISORY: http://secunia.com/advisories/28225/

CRITICAL: Moderately critical

IMPACT: Unknown, Cross Site Scripting

SOFTWARE: Tikiwiki 1.x - http://secunia.com/product/3356/

DESCRIPTION: Some vulnerabilities have been reported in TikiWiki, where some have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks.

1) Input passed into the "movies" parameter in tiki-listmovies.php is not properly sanitised before being used, which can be exploited to conduct directory traversal attacks.

2) Input passed to the "area_name" parameter in tiki-special_chars.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) Certain unspecified vulnerabilities exist in tiki-edit_css.php, tiki-list_games.php, and tiki-g-admin_shared_source.php. More information is currently not available.

SOLUTION: Update to version 1.9.9. As a workaround, disable the "edit css", "games", and "galaxia" features and delete tiki-listmovies.php and tiki-special_chars.php.
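As an added example that is not part of the Secunia advisory, the following log check flags web-server requests matching items 1 and 2 above (a "movies" value that contains path separators or ".." segments for tiki-listmovies.php, and markup characters in "area_name" for tiki-special_chars.php), which is useful for spotting probing both before the upgrade and after the workaround of deleting the two scripts. The sample log lines are constructed, and "SOMEFILE" is a placeholder, not a real target.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache combined log format (not real traffic);
# the traversal target "SOMEFILE" is a placeholder.
SAMPLE_LOG = """\
203.0.113.5 - - [24/Dec/2007:10:47:56 -0600] "GET /tiki/tiki-listmovies.php?movies=trailer.flv HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [24/Dec/2007:10:48:01 -0600] "GET /tiki/tiki-listmovies.php?movies=..%2F..%2FSOMEFILE HTTP/1.1" 200 2048 "-" "curl/7.16"
203.0.113.9 - - [24/Dec/2007:10:48:12 -0600] "GET /tiki/tiki-special_chars.php?area_name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.9 - - [24/Dec/2007:10:48:20 -0600] "GET /tiki/tiki-special_chars.php?area_name=editwiki HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.2 - - [24/Dec/2007:10:49:00 -0600] "GET /tiki/tiki-index.php?page=HomePage HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

def classify(line):
    """Return (rule, client_ip, decoded_value) for a request matching advisory
    item 1 or 2, or None for anything else (including unparseable lines)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group('target'))
    script = url.path.rsplit('/', 1)[-1]
    # parse_qs decodes once; a second unquote surfaces double-encoded values.
    params = {k: [unquote(v) for v in vs]
              for k, vs in parse_qs(url.query, keep_blank_values=True).items()}
    if script == 'tiki-listmovies.php':
        # Item 1: the "movies" parameter should name a file, never a path.
        for v in params.get('movies', []):
            if '..' in v or '/' in v or '\\' in v or '\x00' in v:
                return ('SA28225-1 directory traversal', m.group('ip'), v)
    elif script == 'tiki-special_chars.php':
        # Item 2: markup characters in "area_name" are reflected unescaped.
        for v in params.get('area_name', []):
            if any(c in v for c in '<>"\''):
                return ('SA28225-2 cross-site scripting', m.group('ip'), v)
    return None

def scan(log_text):
    """Run classify() over every line and collect the hits in order."""
    hits = []
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            hits.append(hit)
    return hits
```

Running `scan(SAMPLE_LOG)` returns two hits, one per vulnerable script, while the benign requests to the same scripts and to tiki-index.php are not reported.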

PROVIDED AND/OR DISCOVERED BY: The vendor credits:
1) Jesus Olmos Gonzalez, isecauditors
2) Mesut Timur, H-Labs
3) redflo

ORIGINAL ADVISORY: http://tikiwiki.org/ReleaseProcess199