Lucene search

K

CMS Groupware Security Vulnerabilities

cve
cve

CVE-2018-7303

The Calendar component in Tiki 17.1 allows HTML...

5.4CVSS

6.4AI Score

0.001EPSS

2022-10-03 04:21 PM
15
cve
cve

CVE-2018-7188

An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to...

5.4CVSS

5.3AI Score

0.001EPSS

2022-10-03 04:21 PM
28
cve
cve

CVE-2012-3996

TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3)...

6.8AI Score

0.005EPSS

2022-10-03 04:15 PM
19
cve
cve

CVE-2011-4551

Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary...

5.9AI Score

0.002EPSS

2022-10-03 04:15 PM
247
cve
cve

CVE-2013-4714

Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.8AI Score

0.001EPSS

2022-10-03 04:14 PM
18
cve
cve

CVE-2013-4715

SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified...

8.7AI Score

0.002EPSS

2022-10-03 04:14 PM
20
cve
cve

CVE-2021-36550

TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category...

5.4CVSS

5.3AI Score

0.001EPSS

2021-10-28 08:15 PM
25
cve
cve

CVE-2021-36551

TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event...

5.4CVSS

5.3AI Score

0.001EPSS

2021-10-28 08:15 PM
28
cve
cve

CVE-2020-29254

TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the...

8.8CVSS

8.7AI Score

0.003EPSS

2020-12-11 04:15 PM
23
cve
cve

CVE-2020-8966

There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web...

6.5CVSS

6.4AI Score

0.001EPSS

2020-04-01 09:15 PM
21
cve
cve

CVE-2013-6022

A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary...

6.1CVSS

6AI Score

0.001EPSS

2020-02-12 10:15 PM
37
cve
cve

CVE-2011-4336

Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to...

6.1CVSS

5.9AI Score

0.003EPSS

2020-01-15 02:15 PM
28
cve
cve

CVE-2010-4241

Tiki Wiki CMS Groupware 5.2 has...

8.8CVSS

8.7AI Score

0.002EPSS

2019-10-28 03:15 PM
20
cve
cve

CVE-2010-4240

Tiki Wiki CMS Groupware 5.2 has...

6.1CVSS

6AI Score

0.001EPSS

2019-10-28 03:15 PM
20
cve
cve

CVE-2010-4239

Tiki Wiki CMS Groupware 5.2 has Local File...

9.8CVSS

9.4AI Score

0.027EPSS

2019-10-28 03:15 PM
21
cve
cve

CVE-2019-15314

tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId=...

5.4CVSS

5.6AI Score

0.001EPSS

2019-08-22 01:15 PM
21
cve
cve

CVE-2018-20719

In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history...

8.8CVSS

9AI Score

0.001EPSS

2019-01-15 04:29 PM
29
cve
cve

CVE-2018-14850

Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb...

5.4CVSS

5.4AI Score

0.001EPSS

2018-08-13 05:29 PM
18
cve
cve

CVE-2018-14849

Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and...

5.4CVSS

5.2AI Score

0.001EPSS

2018-08-13 05:29 PM
19
cve
cve

CVE-2018-7290

Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and...

5.4CVSS

5.3AI Score

0.001EPSS

2018-03-09 08:29 PM
24
cve
cve

CVE-2016-7394

tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's...

6.1CVSS

6.3AI Score

0.001EPSS

2018-02-06 04:29 PM
15
cve
cve

CVE-2017-14924

Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to...

8CVSS

7.9AI Score

0.002EPSS

2017-09-30 01:29 AM
26
cve
cve

CVE-2017-14925

Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to...

8CVSS

7.7AI Score

0.002EPSS

2017-09-30 01:29 AM
25
cve
cve

CVE-2017-9145

TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent...

6.1CVSS

6.2AI Score

0.001EPSS

2017-06-26 01:29 PM
23
cve
cve

CVE-2017-9305

lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on...

6.1CVSS

6AI Score

0.002EPSS

2017-05-31 04:29 AM
19
cve
cve

CVE-2016-10143

A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL...

7.5CVSS

7.3AI Score

0.003EPSS

2017-01-20 08:59 AM
39
cve
cve

CVE-2016-9889

Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.php and article_image.php. The impact is...

6.1CVSS

6.2AI Score

0.001EPSS

2016-12-23 05:59 AM
13
cve
cve

CVE-2012-5321

tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame...

6.8AI Score

0.01EPSS

2012-10-08 06:55 PM
18
cve
cve

CVE-2012-0911

TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b)...

9.8CVSS

9.5AI Score

0.947EPSS

2012-07-12 07:55 PM
113
cve
cve

CVE-2010-1134

SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate...

8.7AI Score

0.003EPSS

2010-03-27 07:07 PM
26
cve
cve

CVE-2010-1135

The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie...

7.1AI Score

0.013EPSS

2010-03-27 07:07 PM
28
cve
cve

CVE-2010-1133

Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2)...

8.8AI Score

0.004EPSS

2010-03-27 07:07 PM
22
cve
cve

CVE-2010-1136

The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in...

6.9AI Score

0.013EPSS

2010-03-27 07:07 PM
26
cve
cve

CVE-2003-1574

TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party...

7.4AI Score

0.008EPSS

2009-08-24 10:30 AM
16
cve
cve

CVE-2009-1204

Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4)...

5.8AI Score

0.009EPSS

2009-04-01 01:30 AM
22
cve
cve

CVE-2008-5319

Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than...

6.4AI Score

0.003EPSS

2008-12-03 06:30 PM
25
cve
cve

CVE-2008-5318

Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than...

6.4AI Score

0.003EPSS

2008-12-03 06:30 PM
18
cve
cve

CVE-2008-3653

Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack...

6.5AI Score

0.002EPSS

2008-08-13 01:41 AM
16
4
cve
cve

CVE-2008-3654

Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown...

6.5AI Score

0.002EPSS

2008-08-13 01:41 AM
16
cve
cve

CVE-2008-1047

Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.7AI Score

0.003EPSS

2008-02-27 07:44 PM
14
cve
cve

CVE-2007-6526

Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name...

5.5AI Score

0.003EPSS

2007-12-27 10:46 PM
17
cve
cve

CVE-2007-6529

Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3)...

6.6AI Score

0.009EPSS

2007-12-27 10:46 PM
20
cve
cve

CVE-2007-6528

Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie...

6.4AI Score

0.017EPSS

2007-12-27 10:46 PM
21
cve
cve

CVE-2007-5682

Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than...

7.3AI Score

0.962EPSS

2007-10-26 06:46 PM
42
cve
cve

CVE-2007-5684

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language...

7.3AI Score

0.014EPSS

2007-10-26 06:46 PM
23
cve
cve

CVE-2007-5683

Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to.....

5.9AI Score

0.001EPSS

2007-10-26 06:46 PM
14
cve
cve

CVE-2007-5423

tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by...

7.4AI Score

0.962EPSS

2007-10-12 11:17 PM
90
cve
cve

CVE-2007-4554

Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to...

5.5AI Score

0.011EPSS

2007-08-28 12:17 AM
18
cve
cve

CVE-2006-6457

tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error...

6.3AI Score

0.003EPSS

2006-12-11 05:28 PM
23
cve
cve

CVE-2006-6168

tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on...

6.6AI Score

0.011EPSS

2006-11-29 02:28 AM
70
Total number of security vulnerabilities73