Medium severity6.1NVD Advisory· Published Jun 26, 2017· Updated May 13, 2026
CVE-2017-9145
CVE-2017-9145
Description
TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.
Affected products
23cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.0:*:*:*:*:*:*:*+ 22 more
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.1:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.2:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.3:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.4:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.5:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.6:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.7:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.8:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:12.9:*:lts:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:13.0:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:13.2:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:15.3:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:15.4:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:16.1:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:16.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- sourceforge.net/p/tikiwiki/code/62386nvdPatchThird Party Advisory
News mentions
0No linked articles in our index yet.