Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tikiwiki cms groupware vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-7188
An XSS vulnerability (via an SVG image) in Tiki prior to 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
Tiki Tikiwiki Cms\\/groupware
7.5
CVSSv3
CVE-2016-10143
A vulnerability in Tiki Wiki CMS 15.2 could allow a remote malicious user to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.
Tiki Tikiwiki Cms\\/groupware 15.2
5.4
CVSSv3
CVE-2019-15314
tiki/tiki-upload_file.php in Tiki 18.4 allows remote malicious users to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
Tiki Tikiwiki Cms\\/groupware 18.4
5.4
CVSSv3
CVE-2021-36550
TikiWiki v21.4 exists to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload under the Create category module.
Tiki Tikiwiki Cms\\/groupware 21.4
5.4
CVSSv3
CVE-2021-36551
TikiWiki v21.4 exists to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module.
Tiki Tikiwiki Cms\\/groupware 21.4
NA
CVE-2003-1574
TikiWiki 1.6.1 allows remote malicious users to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.
Tiki Tikiwiki Cms\\/groupware 1.6.1
5.4
CVSSv3
CVE-2018-7303
The Calendar component in Tiki 17.1 allows HTML injection.
Tiki Tikiwiki Cms\\/groupware 17.1
6.1
CVSSv3
CVE-2010-4240
Tiki Wiki CMS Groupware 5.2 has XSS
Tiki Tikiwiki Cms\\/groupware 5.2
8.8
CVSSv3
CVE-2020-29254
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote malicious user to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF...
Tiki Tikiwiki Cms\\/groupware 21.2
1 Github repository
NA
CVE-2006-6162
Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote malicious users to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third...
Tiki Tikiwiki Cms\\/groupware 1.9.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »