From: bertrand G. <ber...@to...> - 2006-08-27 16:22:52
Hello,

Michael Jennings wrote:
> On Sunday, 27 August 2006, at 08:34:41 (+0200),
> Marcus Better wrote:
>
>> Yes, there is now a CVE number for it:
>>
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4299
>>
>> So, is anything being done about it?
>
> Feedback on my proposed patch is greatly appreciated:
>
> http://www.securityfocus.com/archive/1/444423/30/0/threaded
>
> Michael

After some discussions on IRC, I applied it in a more general way.

http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-setup_base.php?r1=1.78.2.44&r2=1.78.2.46&pathrev=BRANCH-1-9

I hope for minimal effect on the standard search highlight commodity.
XSS attacks should be blocked.

Thanks for the suggestion, looking forward to your feedback.

--
toggg