Published: 23/12/2016 Updated: 27/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x prior to 12.10 LTS, 15.x prior to 15.3 LTS, and 16.x prior to 16.1 don't have the input sanitized, related to tiki-setup.php and article_image.php. The impact is XSS.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tiki tikiwiki cms\\/groupware 16.0
tiki tikiwiki cms\\/groupware 15.2
tiki tikiwiki cms\\/groupware 12.5
tiki tikiwiki cms\\/groupware 12.4
tiki tikiwiki cms\\/groupware 12.3
tiki tikiwiki cms\\/groupware 12.9
tiki tikiwiki cms\\/groupware 12.8
tiki tikiwiki cms\\/groupware 12.0
tiki tikiwiki cms\\/groupware 15.1
tiki tikiwiki cms\\/groupware 15.0
tiki tikiwiki cms\\/groupware 12.2
tiki tikiwiki cms\\/groupware 12.1
tiki tikiwiki cms\\/groupware 12.7
tiki tikiwiki cms\\/groupware 12.6

CWE-79 https://tiki.org/article443-Security-update-Tiki-16-1-Tiki-15-3-and-Tiki-12-10-released http://www.securityfocus.com/bid/95083 http://www.securitytracker.com/id/1037531 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-9889

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect