20 matches found
CVE-2024-46878
CVE-2024-46878 affects Tiki CMS versions up to and including 26.3. The vulnerability is a Cross-Site Scripting (XSS) flaw in the page parameter of tiki-editpage.php, allowing an attacker to inject arbitrary JavaScript via a crafted payload. This can lead to access to sensitive information or unauthorize...
EUVD-2018-19024
Malware in sbrugna...
EUVD-2023-26963
Malicious code in bioql PyPI...
CVE-2024-51506
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description...
CVE-2023-22852
Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-importsheet.php...
CVE-2023-22850
Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call...
CVE-2020-16131
Tiki before 21.2 allows XSS because \s/"' is not properly considered in lib/core/TikiFilter/PreventXss.php...
CVE-2018-7303
The Calendar component in Tiki 17.1 allows HTML injection...
CVE-2018-7188
An XSS vulnerability via an SVG image in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php...
CVE-2025-32461
wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3...
PT-2025-15668 · Tiki · Tiki
Name of the Vulnerable Software and Affected Versions: Tiki versions prior to 28.3; Tiki versions prior to 21.12; Tiki versions prior to 24.8; Tiki versions prior to 27.2. Description: The issue concerns the wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki, which mishandles...
CVE-2024-51507
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name...
PT-2024-34669 · Tiki · Tiki
Name of the Vulnerable Software and Affected Versions: Tiki versions prior to 27.1. Description: The issue allows users with specific permissions to insert a stored XSS payload in the Name field when creating or editing an external wiki. This can lead to the execution of malicious scripts...
PT-2024-34668 · Tiki · Tiki
Name of the Vulnerable Software and Affected Versions: Tiki versions prior to 27.1. Description: The issue allows users with specific permissions to insert a stored XSS payload in the description, potentially leading to security breaches. Recommendations: For versions prior to 27.1, update to...
Tiki Security Vulnerability
Tiki is a suite of open source content management and portal applications from the Tiki community that can be used to create web applications, portals, corporate intranets, extranets, and more. A security vulnerability exists in Tiki version 27.0 and earlier, which originates from a user with...
Tiki Wiki CMS Groupware 25.0 Cross Site Scripting
Tiki User Tasks Module SQL Injection Vulnerability
Tiki is a suite of open source content management and portal applications from the Tiki software community that can be used to create web applications, portals, corporate intranets, extranets, and more. A SQL injection vulnerability exists in the User Tasks module in versions prior to Tiki 17.2,...