In association with heise online

27 November 2006, 19:10

TikiWiki 1.9.7 more resistant to cross-site scripting

Version 1.9.7 of the wiki software TikiWiki (an open-source content management system and groupware) improves protection against cross-site scripting. Apparently, attackers could also abuse the TikiWiki registration procedure to misuse the sending of registration confirmations.

The developers have made a number of improvements to the JavaScript filter in tiki-setup_base.php, so that problems with crafted links should no longer arise. In addition, the registration procedure in tiki-register.php now checks the e-mail address entered, even if this is not set in the preferences.

The new version of the software is available to download from the TikiWiki webpage. Because of the fixes, administrators should update their TikiWiki installation for improved protection.

See also:

  • Changelog, list of changes in TikiWiki 1.9.7
  • Download the latest version of TikiWiki

(trk)
