Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.6.1:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-8966 |
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page. Published: April 01, 2020; 5:15:15 PM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-6022 |
A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code. Published: February 12, 2020; 5:15:12 PM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2011-4336 |
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php. Published: January 15, 2020; 9:15:11 AM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20719 |
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter. Published: January 15, 2019; 11:29:00 AM -0500 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-7188 |
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php. Published: February 16, 2018; 1:29:00 PM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2016-7394 |
tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie. Published: February 06, 2018; 11:29:00 AM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2011-4551 |
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters. Published: September 30, 2012; 8:55:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-3996 |
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php. Published: July 12, 2012; 3:55:07 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2003-1574 |
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information. Published: August 24, 2009; 6:30:01 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-5319 |
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653. Published: December 03, 2008; 1:30:01 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-5318 |
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653. Published: December 03, 2008; 1:30:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-3653 |
Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors. Published: August 12, 2008; 9:41:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-3654 |
Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors. Published: August 12, 2008; 9:41:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-1047 |
Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: February 27, 2008; 2:44:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-6526 |
Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter. Published: December 27, 2007; 5:46:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-6528 |
Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter. Published: December 27, 2007; 5:46:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2007-6529 |
Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php. Published: December 27, 2007; 5:46:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-5682 |
Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423. Published: October 26, 2007; 2:46:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-5683 |
Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php. Published: October 26, 2007; 2:46:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-5684 |
Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php. Published: October 26, 2007; 2:46:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |