TikiWiki 1.9.7 more resistant to cross-site scripting
Version 1.9.7 of the wiki software TikiWiki (an open-source Content Management System and groupware) improves protection against cross-site scripting. Apparently attackers were also able to abuse TikiWiki's registration function to misuse the sending of registration confirmation e-mails.
The developers have made a number of improvements to the JavaScript filter in tiki-setup_base.php, so that specially crafted links should no longer cause problems. In addition, the registration procedure in tiki-register.php now checks the e-mail address entered, even if this check is not enabled in the preferences.
The new version of the software is available to download from the TikiWiki webpage. Because of the fixes, administrators should update their TikiWiki installation for improved protection.
(trk)