The Tiki Wiki CMS Groupware project has released a security patch for its stable and LTS (long term support) versions. Both versions are available for immediate download.
Both releases address an XSS vulnerability identified by Mario Gomes and Marc Laporte using the Vega security scanner (http://subgraph.com) and other XSS vulnerabilities reported by Stefan Schurtz (http://www.infoserve.de). Refer to the release notes and change logs for complete information.
All Tiki administrators are highly encouraged to upgrade to version 6.5 or 8.2. You can download these version (and all other Tiki releases) from http://tiki.org/download .
Tiki Wiki CMS Groupware is a full-featured, web-based, multilingual (35+ languages), tightly integrated, all-in-one Wiki+CMS+Groupware, Free Source Software (GNU/LGPL), using PHP, MySQL, Zend Framework, jQuery, and Smarty. Actively developed by a very large international community, Tiki can be used to create all kinds of Web applications, sites, portals, knowledge bases, intranets, and extranets. It was formerly named TikiWiki. Tiki is managed by the Tiki Software Community Association. For more information, visit http://tiki.org.