Tiki Tikiwiki Cms Groupware vulnerabilities
72 known vulnerabilities affecting tiki/tikiwiki_cms_groupware.
Total CVEs
72
CISA KEV
0
Public exploits
22
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH25MEDIUM42
Vulnerabilities
Page 4 of 4
CVE-2008-5319P4MEDIUMCVSS 5.0≤ 1.6.12008-12-03
CVE-2008-5319 [MEDIUM] CVE-2008-5319: Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to ti
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653.
nvd
CVE-2005-3283P4MEDIUMCVSS 4.3≤ 1.9.1v1.9.02005-10-23
CVE-2005-3283 [MEDIUM] CWE-79 CVE-2005-3283: Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to injec
Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
nvd
CVE-2006-3047P4MEDIUMCVSS 4.3≤ 1.9.3.1v1.9.0+3 more2006-06-16
CVE-2006-3047 [MEDIUM] CWE-79 CVE-2006-3047: Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows re
Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
nvd
CVE-2007-4554P4MEDIUMCVSS 4.3v1.9.72007-08-28
CVE-2007-4554 [MEDIUM] CVE-2007-4554: Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Group
Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7.
nvd
CVE-2007-6526P4MEDIUMCVSS 4.3≤ 1.9.8v1.6.1+8 more2007-12-27
CVE-2007-6526 [MEDIUM] CWE-79 CVE-2007-6526: Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows r
Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.
nvd
CVE-2005-3528P4MEDIUMCVSS 4.3v1.9.0v1.9.1+1 more2005-11-20
CVE-2005-3528 [MEDIUM] CWE-79 CVE-2005-3528: Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9
Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter.
nvd
CVE-2006-4299P4MEDIUMCVSS 4.3v1.9.42006-08-23
CVE-2006-4299 [MEDIUM] CWE-79 CVE-2006-4299: Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote att
Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
nvd
CVE-2008-1047P4MEDIUMCVSS 4.3≤ 1.6.12008-02-27
CVE-2008-1047 [MEDIUM] CWE-79 CVE-2008-1047: Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows
Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2006-6457P4MEDIUMCVSS 5.0v1.9.2v1.9.52006-12-11
CVE-2006-6457 [MEDIUM] CWE-200 CVE-2006-6457: tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to o
tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message.
nvd
CVE-2006-6162P4MEDIUMCVSS 4.3v1.9.62006-11-29
CVE-2006-6162 [MEDIUM] CWE-79 CVE-2006-6162: Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote
Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
nvd
CVE-2006-6163P4MEDIUMCVSS 4.3≤ 1.9.6v1.6.1+6 more2006-11-29
CVE-2006-6163 [MEDIUM] CWE-79 CVE-2006-6163: Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remo
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters.
nvd
CVE-2007-5683P4MEDIUMCVSS 4.3≤ 1.9.8.1v1.6.1+9 more2007-10-26
CVE-2007-5683 [MEDIUM] CWE-79 CVE-2007-5683: Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote att
Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php.
nvd
← Previous4 / 4