CVE-2026-31205

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...

EUVD-2024-55494

A Cross-Site Scripting XSS vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions...

Pluck CMS 4.7.4 Cross Site Request Forgery

============================================== Exploit Title : pluck-cms vulnerability CSRF Reported Date : 8 - 10 - 2017 Exploit Author : Ashiyane Digital Security Team CWE: CSRF - 352 Tested On : kali Linux Vendor Homepage : https://www.pluck-cms.org/ Software Link :...

CVE-2005-1925

Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via 1 the suckurl parameter to tiki-editpage.php or 2 language parameter to tiki-userpreferences.php...

TikiWiki < 1.8.6 / 1.9.1 Multiple Vulnerabilities

The remote host is running TikiWiki, an open source wiki application written in PHP. The version of TikiWiki installed on the remote host fails to sanitize input to the 'language' parameter of the 'tiki-userpreferences.php' script before using it in a PHP 'include' function. An authenticated...