Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tikiwiki cms groupware vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-5703
Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote malicious users to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements.
Tiki Tikiwiki Cms\\/groupware 1.9.5
1 EDB exploit
9.8
CVSSv3
CVE-2010-4239
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
Tiki Tikiwiki Cms\\/groupware 5.2
NA
CVE-2007-4554
Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote malicious users to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7.
Tiki Tikiwiki Cms\\/groupware 1.9.7
6.1
CVSSv3
CVE-2017-9305
lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote malicious users to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.
Tiki Tikiwiki Cms\\/groupware 16.2
6.1
CVSSv3
CVE-2010-4240
Tiki Wiki CMS Groupware 5.2 has XSS
Tiki Tikiwiki Cms\\/groupware 5.2
8.8
CVSSv3
CVE-2010-4241
Tiki Wiki CMS Groupware 5.2 has CSRF
Tiki Tikiwiki Cms\\/groupware 5.2
NA
CVE-2006-4602
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and previous versions allows remote malicious users to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
Tiki Tikiwiki Cms\\/groupware 1.9.4
2 EDB exploits
NA
CVE-2006-4734
Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote malicious users to execute arbitrary SQL commands via the (1) pid and (2) where parameters.
Tiki Tikiwiki Cms\\/groupware 1.9.4
7.5
CVSSv3
CVE-2016-10143
A vulnerability in Tiki Wiki CMS 15.2 could allow a remote malicious user to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.
Tiki Tikiwiki Cms\\/groupware 15.2
5.4
CVSSv3
CVE-2021-36551
TikiWiki v21.4 exists to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module.
Tiki Tikiwiki Cms\\/groupware 21.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »