Hiki Advisory 2005-07-21
Hiki Development Team
Hiki is a Wiki clone written in Ruby. The Hiki development team has discovered a cross-site scripting vulnerability in a plugin function of Hiki.
- Hiki 0.8.0 - 0.8.1
- Hiki 0.6.6
- Not vulnerable
Hiki 0.8.2 escapes double quotes in plugin strings and fixes this vulnerability.
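Why the double quote matters, as an added example that is not Hiki's code: it assumes a plugin string is written into a double-quoted HTML attribute. The helper names (`escape_with`, `render_link`, `attribute_names`) and the sample input are constructed for illustration.

```ruby
# Added illustration; every name here is hypothetical, not taken from Hiki.

# Escaping that covers markup characters but leaves the double quote alone.
ESCAPE_WITHOUT_QUOTE = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;' }.freeze

# The same table with the double quote added.
ESCAPE_WITH_QUOTE = ESCAPE_WITHOUT_QUOTE.merge('"' => '&quot;').freeze

# Single-pass replacement, so an already produced '&' is never escaped twice.
def escape_with(table, text)
  text.gsub(Regexp.union(table.keys)) { |ch| table[ch] }
end

# Hypothetical renderer: puts a plugin string argument into a
# double-quoted attribute of the generated tag.
def render_link(table, title)
  %(<a href="/page" title="#{escape_with(table, title)}">page</a>)
end

# Returns the attribute names a parser would see on the generated <a> tag.
# Minimal scanner, sufficient for the tag produced by render_link.
def attribute_names(html)
  tag_body = html[/<a\b([^>]*)>/, 1].to_s
  tag_body.scan(/([\w-]+)="[^"]*"/).flatten
end

# Constructed input: a string containing a double quote followed by
# text shaped like a further attribute.
SAMPLE = 'x" data-injected="1'

if __FILE__ == $PROGRAM_NAME
  [ESCAPE_WITHOUT_QUOTE, ESCAPE_WITH_QUOTE].each do |table|
    html = render_link(table, SAMPLE)
    puts html
    puts "  attributes seen: #{attribute_names(html).inspect}"
  end
end
```

With the first table the string closes the `title` attribute and contributes an attribute of its own; with the second it stays inside `title` as data.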
The Hiki Development Team has released version 0.8.2 to correct the vulnerability. Contact your vendor or distributor for a patch or an update as soon as possible. Please also refer to the news and documentation published by vendors and distributors for details.
The following documents are updated regularly. Please check for the latest version.
- Hiki Official Site http://hikiwiki.org/
- Cross site scripting - Wikipedia http://en.wikipedia.org/wiki/Cross_site_scripting
- 2005/07/22 1.0 <http://hikiwiki.org/en/advisory20050721.html>: First version in English.