A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-23
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-10-28
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-10-28
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index.
CVSS Score
4.8
EPSS Score
0.002
Published
2024-10-28
Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name.
CVSS Score
4.8
EPSS Score
0.002
Published
2024-10-28