Tiki

All CVEs

89 total · sorted by risk
  • CVE-2020-16131 · Aug 3, 2020
    risk 0.00 · cvss · epss 0.01

    Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.

  • CVE-2020-8966 · Apr 1, 2020
    risk 0.00 · cvss · epss 0.01

    There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a…

  • CVE-2013-6022 · Feb 12, 2020
    risk 0.00 · cvss · epss 0.01

    A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.

  • CVE-2011-4455 · Nov 20, 2019
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php.

  • CVE-2010-4240 · Oct 28, 2019
    risk 0.00 · cvss · epss 0.01

    Tiki Wiki CMS Groupware 5.2 has XSS

  • CVE-2010-4241 · Oct 28, 2019
    risk 0.00 · cvss · epss 0.01

    Tiki Wiki CMS Groupware 5.2 has CSRF

  • CVE-2019-15314 · Aug 22, 2019
    risk 0.00 · cvss · epss 0.01

    tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.

  • CVE-2018-20719 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.01

    In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.

  • CVE-2013-4715 · Nov 6, 2013
    risk 0.00 · cvss · epss 0.02

    SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2013-4714 · Nov 6, 2013
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-1136 · Mar 27, 2010
    risk 0.00 · cvss · epss 0.02

    The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.

  • CVE-2010-1135 · Mar 27, 2010
    risk 0.00 · cvss · epss 0.02

    The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.

  • CVE-2010-1134 · Mar 27, 2010
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable.

  • CVE-2010-1133 · Mar 27, 2010
    risk 0.00 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php.

  • CVE-2003-1574 · Aug 24, 2009
    risk 0.00 · cvss · epss 0.02

    TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.

  • CVE-2008-5319 · Dec 3, 2008
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653.

  • CVE-2008-5318 · Dec 3, 2008
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653.

  • CVE-2008-3654 · Aug 13, 2008
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.

  • CVE-2008-3653 · Aug 13, 2008
    risk 0.00 · cvss · epss 0.02

    Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.

  • CVE-2008-1047 · Feb 27, 2008
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-6529 · Dec 27, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php.

  • CVE-2007-6526 · Dec 27, 2007
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.

  • CVE-2007-5682 · Oct 26, 2007
    risk 0.00 · cvss · epss 0.03

    Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than…

  • CVE-2007-5683 · Oct 26, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the…

  • CVE-2007-4554 · Aug 28, 2007
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7.

  • CVE-2006-6457 · Dec 11, 2006
    risk 0.00 · cvss · epss 0.01

    tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.

  • CVE-2006-6168 · Nov 29, 2006
    risk 0.00 · cvss · epss 0.03

    tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email."

  • CVE-2006-6162 · Nov 29, 2006
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third…

  • CVE-2006-6163 · Nov 29, 2006
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters.

  • CVE-2006-4734 · Sep 13, 2006
    risk 0.00 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.

  • CVE-2006-4299 · Aug 23, 2006
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party…

  • CVE-2006-3047 · Jun 16, 2006
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

  • CVE-2006-3048 · Jun 16, 2006
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

  • CVE-2005-3529 · Nov 20, 2005
    risk 0.00 · cvss · epss 0.01

    tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability.

  • CVE-2005-3528 · Nov 20, 2005
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter.

  • CVE-2005-1925 · Nov 18, 2005
    risk 0.00 · cvss · epss 0.03

    Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php.

  • CVE-2005-3283 · Oct 23, 2005
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2005-0200 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386.

  • CVE-2004-1386 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200.
