Skip to main content

Tikiwiki Cms Groupware

21 CVEs product

Monthly

CVE-2021-36551 MEDIUM POC This Month

TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tikiwiki Cms Groupware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-36550 MEDIUM POC This Month

TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tikiwiki Cms Groupware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-29254 HIGH POC This Week

TikiWiki 21.2 allows templates to be edited without CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tikiwiki Cms Groupware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-8966 MEDIUM PATCH This Month

There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Tikiwiki Cms Groupware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-15314 MEDIUM POC This Month

tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-14850 MEDIUM This Month

Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tikiwiki Cms Groupware
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-14849 MEDIUM This Month

Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-7290 MEDIUM PATCH This Month

Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tikiwiki Cms Groupware
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-7303 MEDIUM POC This Month

The Calendar component in Tiki 17.1 allows HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tikiwiki Cms Groupware
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-7188 MEDIUM PATCH This Month

An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2017-14925 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

CSRF PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
8.0
EPSS
0.2%
CVE-2017-14924 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

CSRF PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
8.0
EPSS
0.2%
CVE-2017-9145 MEDIUM PATCH This Month

TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9305 MEDIUM POC PATCH This Month

lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Tikiwiki Cms Groupware
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-10143 HIGH PATCH This Week

A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tikiwiki Cms Groupware
NVD VulDB
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-9889 MEDIUM This Month

Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2013-4715 HIGH This Week

SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Tikiwiki Cms Groupware
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-4714 PHP MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Tikiwiki Cms Groupware
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5321 MEDIUM POC THREAT This Month

tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection.". Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 23.1%.

PHP Code Injection Tikiwiki Cms Groupware
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
23.1%
CVE-2012-3996 MEDIUM POC PATCH THREAT This Month

TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.

PHP Information Disclosure Tikiwiki Cms Groupware
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
16.2%
CVE-2012-0911 CRITICAL POC THREAT Emergency

TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 77.9%.

PHP Deserialization Tikiwiki Cms Groupware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
77.9%
Threat
5.8
EPSS 0% CVSS 5.4
MEDIUM POC This Month

TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tikiwiki Cms Groupware
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tikiwiki Cms Groupware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

TikiWiki 21.2 allows templates to be edited without CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tikiwiki Cms Groupware
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Tikiwiki Cms Groupware
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Tikiwiki Cms Groupware
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tikiwiki Cms Groupware
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Tikiwiki Cms Groupware
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tikiwiki Cms Groupware
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The Calendar component in Tiki 17.1 allows HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tikiwiki Cms Groupware
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Tikiwiki Cms Groupware
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

CSRF PHP Tikiwiki Cms Groupware
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

CSRF PHP Tikiwiki Cms Groupware
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Tikiwiki Cms Groupware
NVD
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Tikiwiki Cms Groupware
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tikiwiki Cms Groupware
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Tikiwiki Cms Groupware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Tikiwiki Cms Groupware
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Tikiwiki Cms Groupware
NVD
EPSS 23% CVSS 5.8
MEDIUM POC THREAT This Month

tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection.". Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 23.1%.

PHP Code Injection Tikiwiki Cms Groupware
NVD Exploit-DB
EPSS 16% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.

PHP Information Disclosure Tikiwiki Cms Groupware
NVD Exploit-DB
EPSS 78% 5.8 CVSS 9.8
CRITICAL POC THREAT Emergency

TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 77.9%.

PHP Deserialization Tikiwiki Cms Groupware
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy