9 matches found
BIT-APPSMITH-2026-24042 Appsmith public apps can execute unpublished actions (viewMode confusion)
Appsmith is a platform to build admin panels, internal tools, and dashboards. In versions 1.94 and below, publicly accessible apps allow unauthenticated users to execute unpublished edit-mode actions by sending viewMode=false or omitting it to POST /api/v1/actions/execute. This bypasses the...
CVE-2026-24042 Appsmith public apps can execute unpublished actions (viewMode confusion)
Appsmith is a platform to build admin panels, internal tools, and dashboards. In versions 1.94 and below, publicly accessible apps allow unauthenticated users to execute unpublished edit-mode actions by sending viewMode=false or omitting it to POST /api/v1/actions/execute. This bypasses the...
CVE-2025-34113
An authenticated command injection vulnerability exists in Tiki Wiki CMS versions ≤14.1, ≤12.4 LTS, ≤9.10 LTS, and ≤6.14 via the viewmode GET parameter in tiki-calendar.php. When the calendar module is enabled and an authenticated user has permission to access it, an attacker can inject and execu...
Tiki Wiki CMS Security Vulnerability
Tiki Wiki CMS is a content management system from Tiki Inc. A security vulnerability exists in Tiki Wiki CMS versions 14.1, 12.4 LTS, 9.10 LTS, and 6.14, which stems from improper validation of the viewmode parameter input and could lead to command injection...
CVE-2020-13825
A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter...
Tiki Wiki CMS Calendar Remote Code Execution Vulnerability
Tiki Wiki CMS Groupware is a suite of open source content management and portal applications from the Tiki software community that can be used to create web applications, portals, corporate intranets, extranets, and more. A remote code execution vulnerability exists in the viewmode parameter of t...
Tiki-Wiki CMS Calendar Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Tiki-Wiki CMS Calendar Command Execution', 'Description' = %q Tiki-Wiki CMS's calendar module contains a remote code execution...
osfa.info XSS vulnerability
Vulnerable URL: http://www.osfa.info/?galleryID=103193=thumb'%22%26%25prompt/XSSPOSED/...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in links.php in Beehive Forum 0.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewmode, (2) fid, and (3) sortdir parameters, different vectors than CVE-2005-4460...