Published: 11/04/2004 Updated: 11/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 490

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Subscribe to Tikiwiki Cms\/groupware

Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tiki tikiwiki cms\\/groupware 1.6.1
tiki tikiwiki cms\\/groupware

source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload ...

source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload ...

source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file uploa ...

source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload ...

source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload tiki-s ...

source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload ...

source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload m ...

TikiWiki Multiple Vulnerabilities Vendor: TikiWiki Project Product: TikiWiki Version: <= 181 Website: wwwtikiwikiorg/ BID: 10100 CVE: CVE-2004-1923 CVE-2004-1924 CVE-2004-1925 CVE-2004-1926 CVE-2004-1927 CVE-2004-1928 OSVDB: 5181 5182 5183 5184 5185 5186 5187 5188 5189 5190 5191 5192 5193 5194 5195 5196 5197 5198 5199 5200 5201 52 ...

source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload ...

source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload ...

source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file uploa ...

source: wwwsecurityfocuscom/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file uplo ...

CWE-79 http://tikiwiki.org/tiki-read_article.php?articleId=66 http://www.securityfocus.com/bid/10100 http://secunia.com/advisories/11344 http://marc.info/?l=bugtraq&m=108180073206947&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/15846 https://nvd.nist.gov https://www.exploit-db.com/exploits/23958/

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook