Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...
CVSS: 6.1, AI Score: 6.6, EPSS: 0.001
Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize...
CVSS: 7.2, AI Score: 7.2, EPSS: 0.001
Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize...
CVSS: 8.8, AI Score: 8.9, EPSS: 0.001
Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an...
CVSS: 8.8, AI Score: 8.9, EPSS: 0.001
CVSS: 6.5, AI Score: 6.4, EPSS: 0.0005
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login...
CVSS: 9.8, AI Score: 8.6, EPSS: 0.009
CVSS: 6.1, AI Score: 6.5, EPSS: 0.001
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web...
CVSS: 6.1, AI Score: 7.1, EPSS: 0.001
A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMS Groupware 11.0 via the id parameter to ZeroClipboard.swf, which could let a remote malicious user execute arbitrary...
CVSS: 6.1, AI Score: 6.1, EPSS: 0.001
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex...
CVSS: 7.2, AI Score: 7.3, EPSS: 0.015
Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4)...
CVSS: 6.1, AI Score: 6.1, EPSS: 0.001
Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4)...
CVSS: 6.1, AI Score: 6.1, EPSS: 0.001
CVSS: 5.4, AI Score: 5.4, EPSS: 0.001
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User...
CVSS: 8.8, AI Score: 7.1, EPSS: 0.001