Tikiwiki CMS/groupware
by Tiki
CVEs (71)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2012-5321 | 0.04 | — | 0.08 | Oct 8, 2012 | tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection." |
| CVE-2007-6528 | 0.04 | — | 0.09 | Dec 27, 2007 | Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter. |
| CVE-2004-1926 | 0.04 | — | 0.07 | Apr 11, 2004 | Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a… |
| CVE-2011-4336 | 0.03 | — | 0.08 | Jan 15, 2020 | Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php. |
| CVE-2011-4551 | 0.03 | — | 0.02 | Oct 1, 2012 | Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters. |
| CVE-2012-3996 | 0.03 | — | 0.05 | Jul 12, 2012 | TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php. |
| CVE-2009-1204 | 0.03 | — | 0.05 | Apr 1, 2009 | Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4)… |
| CVE-2007-5684 | 0.03 | — | 0.03 | Oct 26, 2007 | Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in… |
| CVE-2006-5703 | 0.03 | — | 0.02 | Nov 4, 2006 | Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements. |
| CVE-2006-2635 | 0.03 | — | 0.04 | May 30, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<script>" in (1) offset and (2) days parameters in (a)… |
| CVE-2004-1928 | 0.03 | — | 0.03 | Apr 12, 2004 | The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL. |
| CVE-2004-1925 | 0.03 | — | 0.01 | Apr 12, 2004 | Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4)… |
| CVE-2004-1923 | 0.03 | — | 0.03 | Apr 11, 2004 | Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an… |
| CVE-2004-1924 | 0.03 | — | 0.02 | Apr 11, 2004 | Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php,… |
| CVE-2004-1927 | 0.03 | — | 0.04 | Apr 11, 2004 | Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter. |
| CVE-2021-36551 | 0.00 | — | 0.00 | Oct 28, 2021 | TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module. |
| CVE-2020-8966 | 0.00 | — | 0.01 | Apr 1, 2020 | There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a… |
| CVE-2013-6022 | 0.00 | — | 0.01 | Feb 12, 2020 | A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code. |
| CVE-2010-4240 | 0.00 | — | 0.01 | Oct 28, 2019 | Tiki Wiki CMS Groupware 5.2 has XSS |
| CVE-2010-4241 | 0.00 | — | 0.01 | Oct 28, 2019 | Tiki Wiki CMS Groupware 5.2 has CSRF |