Tiki » Tikiwiki Cms/groupware » 2.2 : Security Vulnerabilities, CVEs
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the PHP web pages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2020-04-01 | Updated: 2020-04-03
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.
Max CVSS: 8.8 | EPSS Score: 0.09% | Published: 2019-01-15 | Updated: 2019-01-18
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2018-02-16 | Updated: 2018-03-13
Tiki Wiki CMS Groupware <=15.2 has an XSS vulnerability that allows attackers to steal a user's cookie.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2018-02-06 | Updated: 2018-03-13
A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMS Groupware 11.0 via the id parameter to ZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.
Max CVSS: 6.1 | EPSS Score: 0.12% | Published: 2020-02-12 | Updated: 2020-02-18
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
Max CVSS: 5.0 | EPSS Score: 0.42% | Published: 2012-07-12 | Updated: 2012-10-24
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
Max CVSS: 4.3 | EPSS Score: 0.15% | Published: 2012-10-01 | Updated: 2012-10-24
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
Max CVSS: 6.1 | EPSS Score: 0.26% | Published: 2020-01-15 | Updated: 2020-01-21
Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php.
Max CVSS: 4.3 | EPSS Score: 0.88% | Published: 2009-04-01 | Updated: 2018-10-10
9 vulnerabilities found