Tikiwiki CMS/groupware

by Tiki

CVEs (71)

  • CVE-2012-5321 (Oct 8, 2012)
    risk 0.04 | cvss | epss 0.08

    tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."

  • CVE-2007-6528 (Dec 27, 2007)
    risk 0.04 | cvss | epss 0.09

    Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.

  • CVE-2004-1926 (Apr 11, 2004)
    risk 0.04 | cvss | epss 0.07

    Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a…

  • CVE-2011-4336 (Jan 15, 2020)
    risk 0.03 | cvss | epss 0.08

    Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.

  • CVE-2011-4551 (Oct 1, 2012)
    risk 0.03 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.

  • CVE-2012-3996 (Jul 12, 2012)
    risk 0.03 | cvss | epss 0.05

    TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.

  • CVE-2009-1204 (Apr 1, 2009)
    risk 0.03 | cvss | epss 0.05

    Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4)…

  • CVE-2007-5684 (Oct 26, 2007)
    risk 0.03 | cvss | epss 0.03

    Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in…

  • CVE-2006-5703 (Nov 4, 2006)
    risk 0.03 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements.

  • CVE-2006-2635 (May 30, 2006)
    risk 0.03 | cvss | epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<script>" in (1) offset and (2) days parameters in (a)…

  • CVE-2004-1928 (Apr 12, 2004)
    risk 0.03 | cvss | epss 0.03

    The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL.

  • CVE-2004-1925 (Apr 12, 2004)
    risk 0.03 | cvss | epss 0.01

    Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4)…

  • CVE-2004-1923 (Apr 11, 2004)
    risk 0.03 | cvss | epss 0.03

    Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an…

  • CVE-2004-1924 (Apr 11, 2004)
    risk 0.03 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php,…

  • CVE-2004-1927 (Apr 11, 2004)
    risk 0.03 | cvss | epss 0.04

    Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter.

  • CVE-2021-36551 (Oct 28, 2021)
    risk 0.00 | cvss | epss 0.00

    TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module.

  • CVE-2020-8966 (Apr 1, 2020)
    risk 0.00 | cvss | epss 0.01

    There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a…

  • CVE-2013-6022 (Feb 12, 2020)
    risk 0.00 | cvss | epss 0.01

    A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.

  • CVE-2010-4240 (Oct 28, 2019)
    risk 0.00 | cvss | epss 0.01

    Tiki Wiki CMS Groupware 5.2 has XSS

  • CVE-2010-4241 (Oct 28, 2019)
    risk 0.00 | cvss | epss 0.01

    Tiki Wiki CMS Groupware 5.2 has CSRF