In association with heise online

27 November 2006, 18:10

TikiWiki 1.9.7 more resistant to cross-site scripting

Version 1.9.7 of the wiki software TikiWiki (an open-source content management system and groupware) improves protection against cross-site scripting. Apparently it was also possible for attackers to abuse TikiWiki's registration function in order to misuse the sending of registration confirmations.

The developers have made a number of improvements to the JavaScript filter in tiki-setup_base.php, so that problems with crafted links should no longer arise. In addition, the registration procedure in tiki-register.php now checks the e-mail address entered, even if this check is not enabled in the preferences.

The new version of the software is available to download from the TikiWiki webpage. Because of the fixes, administrators should update their TikiWiki installation for improved protection.

See also:

  • Changelog, list of changes in TikiWiki 1.9.7
  • Download the latest version of TikiWiki

(trk)

Permalink: http://h-online.com/-731870