Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tiki tikiwiki cms\\/groupware 1.9.5 |
||
tiki tikiwiki cms\\/groupware 1.9.3 |
||
tiki tikiwiki cms\\/groupware 1.6.1 |
||
tiki tikiwiki cms\\/groupware |
||
tiki tikiwiki cms\\/groupware 1.9.7 |
||
tiki tikiwiki cms\\/groupware 1.9.1 |
||
tiki tikiwiki cms\\/groupware 1.9.0 |
||
tiki tikiwiki cms\\/groupware 1.9.6 |
||
tiki tikiwiki cms\\/groupware 1.9.4 |
||
tiki tikiwiki cms\\/groupware 1.9.2 |
||
tiki tikiwiki cms\\/groupware 1.9.8 |