Vulnerabilities
Vulnerable Software
Tiki:  Security Vulnerabilities
Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php.
CVSS Score
6.1
EPSS Score
0.009
Published
2019-11-20
Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index.
CVSS Score
6.1
EPSS Score
0.009
Published
2019-11-20
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
CVSS Score
9.8
EPSS Score
0.134
Published
2019-10-28
Tiki Wiki CMS Groupware 5.2 has XSS
CVSS Score
6.1
EPSS Score
0.012
Published
2019-10-28
Tiki Wiki CMS Groupware 5.2 has CSRF
CVSS Score
8.8
EPSS Score
0.008
Published
2019-10-28
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
CVSS Score
5.4
EPSS Score
0.009
Published
2019-08-22
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.
CVSS Score
8.8
EPSS Score
0.01
Published
2019-01-15
Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.
CVSS Score
5.4
EPSS Score
0.007
Published
2018-08-13
Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image.
CVSS Score
5.4
EPSS Score
0.007
Published
2018-08-13
Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1.
CVSS Score
5.4
EPSS Score
0.005
Published
2018-03-09


Contact Us

Shodan ® - All rights reserved