Unrated severityNVD Advisory· Published Apr 1, 2009· Updated Apr 23, 2026
CVE-2009-1204
CVE-2009-1204
Description
Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php.
Affected products
1- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:2.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- info.tikiwiki.org/tiki-read_article.phpnvdPatch
- tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/2.0/changelog.txtnvdPatch
- dev.tikiwiki.org/tiki-view_tracker_item.phpnvdExploitVendor Advisory
- www.securityfocus.com/bid/34105nvdExploit
- www.securityfocus.com/bid/34106nvdExploit
- www.securityfocus.com/bid/34107nvdExploit
- www.securityfocus.com/bid/34108nvdExploit
- secunia.com/advisories/34273nvdVendor Advisory
- www.securityfocus.com/archive/1/501702/100/0/threadednvd
News mentions
0No linked articles in our index yet.