7 matches found
CVE-2024-51508
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index...
CVE-2023-22851
Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call...
CVE-2023-22853
Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval...
PT-2023-18729 · Tiki · Tiki
Name of the Vulnerable Software and Affected Versions: Tiki versions prior to 24.1
Description: The issue allows PHP Object Injection in lib/structures/structlib.php due to an eval when the feature create webhelp is enabled.
Recommendations: For versions prior to 24.1, update to version 24.1 or...
CVE-2018-14850
Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image...
Tiki CSV Injection Vulnerability
Tiki is a suite of open source content management and portal applications from the Tiki software community that can be used to create Web applications, portals, corporate intranets, extranets, and more. A security vulnerability exists in Tiki version 17.1 that stems from the program's failure to...
CVE-2018-7188
An XSS vulnerability via an SVG image in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php...