Vulmon
tikiwiki cms groupware vulnerabilities and exploits
6.1
CVSSv3
CVE-2017-9305
lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote malicious users to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.
Tiki Tikiwiki Cms/groupware 16.2
7.5
CVSSv3
CVE-2016-10143
A vulnerability in Tiki Wiki CMS 15.2 could allow a remote malicious user to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.
Tiki Tikiwiki Cms/groupware 15.2
6.1
CVSSv3
CVE-2016-9889
Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x prior to 12.10 LTS, 15.x prior to 15.3 LTS, and 16.x prior to 16.1 don't have the input sanitized, related to tiki-setup.php and article_image.php. The impact is XSS.
Tiki Tikiwiki Cms/groupware 16.0
Tiki Tikiwiki Cms/groupware 15.2
Tiki Tikiwiki Cms/groupware 12.5
Tiki Tikiwiki Cms/groupware 12.4
Tiki Tikiwiki Cms/groupware 12.3
Tiki Tikiwiki Cms/groupware 12.9
Tiki Tikiwiki Cms/groupware 12.8
Tiki Tikiwiki Cms/groupware 12.0
Tiki Tikiwiki Cms/groupware 15.1
Tiki Tikiwiki Cms/groupware 15.0
Tiki Tikiwiki Cms/groupware 12.2
Tiki Tikiwiki Cms/groupware 12.1
Tiki Tikiwiki Cms/groupware 12.7
Tiki Tikiwiki Cms/groupware 12.6
NA
CVE-2013-4714
Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS prior to 6.13LTS, 9 LTS prior to 9.7LTS, 10.x prior to 10.4, and 11.x prior to 11.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Tiki Tikiwiki Cms/groupware 9.0
Tiki Tikiwiki Cms/groupware 6.12
Tiki Tikiwiki Cms/groupware 9.6
Tiki Tikiwiki Cms/groupware 9.5
Tiki Tikiwiki Cms/groupware 9.4
Tiki Tikiwiki Cms/groupware 10.0
Tiki Tikiwiki Cms/groupware 11.0
Tiki Tikiwiki Cms/groupware 6.8
Tiki Tikiwiki Cms/groupware 6.10
Tiki Tikiwiki Cms/groupware 9.2
Tiki Tikiwiki Cms/groupware 9.1
Tiki Tikiwiki Cms/groupware 10.3
Tiki Tikiwiki Cms/groupware 10.1
Tiki Tikiwiki Cms/groupware 6.9
Tiki Tikiwiki Cms/groupware 6.11
Tiki Tikiwiki Cms/groupware 9.3
Tiki Tikiwiki Cms/groupware 10.2
NA
CVE-2013-4715
SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS prior to 6.13LTS, 9 LTS prior to 9.7LTS, 10.x prior to 10.4, and 11.x prior to 11.1 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Tiki Tikiwiki Cms/groupware 6.12
Tiki Tikiwiki Cms/groupware 9.6
Tiki Tikiwiki Cms/groupware 9.5
Tiki Tikiwiki Cms/groupware 9.4
Tiki Tikiwiki Cms/groupware 10.0
Tiki Tikiwiki Cms/groupware 11.0
Tiki Tikiwiki Cms/groupware 9.0
Tiki Tikiwiki Cms/groupware 6.8
Tiki Tikiwiki Cms/groupware 6.10
Tiki Tikiwiki Cms/groupware 9.2
Tiki Tikiwiki Cms/groupware 9.1
Tiki Tikiwiki Cms/groupware 10.3
Tiki Tikiwiki Cms/groupware 10.1
Tiki Tikiwiki Cms/groupware 6.9
Tiki Tikiwiki Cms/groupware 6.11
Tiki Tikiwiki Cms/groupware 9.3
Tiki Tikiwiki Cms/groupware 10.2
NA
CVE-2012-5321
tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote malicious users to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."
Tiki Tikiwiki Cms/groupware 8.3
1 EDB exploit
NA
CVE-2011-4551
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware prior to 8.2 and LTS prior to 6.5 allows remote malicious users to inject arbitrary web script or HTML via arbitrary parameters.
Tiki Tikiwiki Cms/groupware 7.2
Tiki Tikiwiki Cms/groupware 6.1
Tiki Tikiwiki Cms/groupware 4.1
Tiki Tikiwiki Cms/groupware 4
Tiki Tikiwiki Cms/groupware 3.5
Tiki Tikiwiki Cms/groupware 2.2
Tiki Tikiwiki Cms/groupware
Tiki Tikiwiki Cms/groupware 8.0
Tiki Tikiwiki Cms/groupware 7.0
Tiki Tikiwiki Cms/groupware 3.1
Tiki Tikiwiki Cms/groupware 3.0
Tiki Tikiwiki Cms/groupware 3.3
Tiki Tikiwiki Cms/groupware 3.2
Tiki Tikiwiki Cms/groupware 5.1
Tiki Tikiwiki Cms/groupware 5.0
Tiki Tikiwiki Cms/groupware 5.2
Tiki Tikiwiki Cms/groupware 5.3
Tiki Tikiwiki Cms/groupware 7.1
Tiki Tikiwiki Cms/groupware 6.0
Tiki Tikiwiki Cms/groupware 6.2
Tiki Tikiwiki Cms/groupware 4.2
Tiki Tikiwiki Cms/groupware 4.0
1 EDB exploit
NA
CVE-2012-3996
TikiWiki CMS/Groupware 8.3 and previous versions allow remote malicious users to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
Tiki Tikiwiki Cms/groupware 7.2
Tiki Tikiwiki Cms/groupware 7.0
Tiki Tikiwiki Cms/groupware 5.0
Tiki Tikiwiki Cms/groupware 4.1
Tiki Tikiwiki Cms/groupware 3.3
Tiki Tikiwiki Cms/groupware 3.5
Tiki Tikiwiki Cms/groupware 6.1
Tiki Tikiwiki Cms/groupware 6.0
Tiki Tikiwiki Cms/groupware 5.3
Tiki Tikiwiki Cms/groupware 5.2
Tiki Tikiwiki Cms/groupware 2.2
Tiki Tikiwiki Cms/groupware
Tiki Tikiwiki Cms/groupware 8.1
Tiki Tikiwiki Cms/groupware 8.0
Tiki Tikiwiki Cms/groupware 4.0
Tiki Tikiwiki Cms/groupware 4
Tiki Tikiwiki Cms/groupware 3.1
Tiki Tikiwiki Cms/groupware 3.0
Tiki Tikiwiki Cms/groupware 7.1
Tiki Tikiwiki Cms/groupware 6.2
Tiki Tikiwiki Cms/groupware 5.1
Tiki Tikiwiki Cms/groupware 4.2
2 EDB exploits
9.8
CVSSv3
CVE-2012-0911
TikiWiki CMS/Groupware prior to 6.7 LTS and prior to 8.4 allows remote malicious users to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.p...
Tiki Tikiwiki Cms/groupware
2 EDB exploits
NA
CVE-2010-1134
SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x prior to 3.5 allows remote malicious users to execute arbitrary SQL commands via the $searchDate variable.
Tiki Tikiwiki Cms/groupware 3.3
Tiki Tikiwiki Cms/groupware 3.4
Tiki Tikiwiki Cms/groupware 3.1
Tiki Tikiwiki Cms/groupware 3.2
Tiki Tikiwiki Cms/groupware 3.0