cvebase

Tiki Tikiwiki Cms Groupware vulnerabilities

72 known vulnerabilities affecting tiki/tikiwiki_cms_groupware.

Total CVEs: 72
CISA KEV: 0
Public exploits: 22
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 25, MEDIUM 42

Vulnerabilities

Page 3 of 4
CVE-2005-1925 | P4 | HIGH | CVSS 7.5 | ≤ 1.9.0, v1.6.1, +1 more | 2005-11-18
CVE-2005-1925 [HIGH] CWE-22: Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php.
nvd
CVE-2008-3653 | P4 | CRITICAL | CVSS 10.0 | ≤ 1.9.9, v1.6.1, +10 more | 2008-08-13
CVE-2008-3653 [CRITICAL]: Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.
nvd
CVE-2019-15314 | P4 | MEDIUM | CVSS 5.4 | v18.4 | 2019-08-22
CVE-2019-15314 [MEDIUM] CWE-79: tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
nvd
CVE-2017-9305 | P4 | MEDIUM | CVSS 6.1 | v16.2 | 2017-05-31
CVE-2017-9305 [MEDIUM] CWE-79: lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.
nvd
CVE-2016-9889 | P4 | MEDIUM | CVSS 6.1 | v12.0, v12.1, +12 more | 2016-12-23
CVE-2016-9889 [MEDIUM] CWE-79: Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.php and article_image.php. The impact is XSS.
nvd
CVE-2013-6022 | P4 | MEDIUM | CVSS 6.1 | ≤ 11.0 | 2020-02-12
CVE-2013-6022 [MEDIUM] CWE-79: A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMS Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.
nvd
CVE-2020-8966 | P4 | MEDIUM | CVSS 6.1 | ≤ 20.0 | 2020-04-01
CVE-2020-8966 [MEDIUM] CWE-80: There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page.
nvd
CVE-2018-14850 | P4 | MEDIUM | CVSS 5.4 | ≥ 12.0, < 12.14; ≥ 15.0, < 15.7; +1 more | 2018-08-13
CVE-2018-14850 [MEDIUM] CWE-79: Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image.
nvd
CVE-2018-7303 | P4 | MEDIUM | CVSS 5.4 | v17.1 | 2018-02-21
CVE-2018-7303 [MEDIUM] CWE-79: The Calendar component in Tiki 17.1 allows HTML injection.
nvd
CVE-2018-7188 | P4 | MEDIUM | CVSS 5.4 | fixed in 18 | 2018-02-16
CVE-2018-7188 [MEDIUM] CWE-79: An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
nvd
CVE-2017-9145 | P4 | MEDIUM | CVSS 6.1 | v12.0, v12.1, +21 more | 2017-06-26
CVE-2017-9145 [MEDIUM] CWE-79: TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.
nvd
CVE-2016-7394 | P4 | MEDIUM | CVSS 6.1 | ≤ 15.2 | 2018-02-06
CVE-2016-7394 [MEDIUM] CWE-79: Tiki Wiki CMS Groupware <=15.2 has an XSS vulnerability that allows attackers to steal a user's cookie.
nvd
CVE-2018-14849 | P4 | MEDIUM | CVSS 5.4 | ≥ 12.0, < 12.14; ≥ 15.0, < 15.7; +1 more | 2018-08-13
CVE-2018-14849 [MEDIUM] CWE-79: Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.
nvd
CVE-2018-7290 | P4 | MEDIUM | CVSS 5.4 | ≥ 12.0, < 12.13; ≥ 15.0, < 15.6; +2 more | 2018-03-09
CVE-2018-7290 [MEDIUM] CWE-79: Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1.
nvd
CVE-2021-36551 | P4 | MEDIUM | CVSS 5.4 | v21.4 | 2021-10-28
CVE-2021-36551 [MEDIUM] CWE-79: TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module.
nvd
CVE-2021-36550 | P4 | MEDIUM | CVSS 5.4 | v21.4 | 2021-10-28
CVE-2021-36550 [MEDIUM] CWE-79: TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module.
nvd
CVE-2005-3529 | P4 | MEDIUM | CVSS 5.0 | v1.9.0, v1.9.1, +1 more | 2005-11-20
CVE-2005-3529 [MEDIUM] CWE-200: tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability.
nvd
CVE-2013-4714 | P4 | MEDIUM | CVSS 4.3 | v6.8, v6.9, +15 more | 2013-11-06
CVE-2013-4714 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2008-3654 | P4 | MEDIUM | CVSS 5.0 | ≤ 1.9.9, v1.6.1, +10 more | 2008-08-13
CVE-2008-3654 [MEDIUM]: Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.
nvd
CVE-2008-5318 | P4 | MEDIUM | CVSS 5.0 | ≤ 1.6.1 | 2008-12-03
CVE-2008-5318 [MEDIUM]: Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653.
nvd