CVE-2021-36551
https://notcve.org/view.php?id=CVE-2021-36551
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module. Se ha detectado que TikiWiki versión v21.4 contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el componente tiki-calendar.php. Esta vulnerabilidad permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada en el módulo Add Event • https://github.com/r0ck3t1973/xss_payload/issues/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-36550
https://notcve.org/view.php?id=CVE-2021-36550
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module. Se ha detectado que TikiWiki versión v21.4 contiene una vulnerabilidad de tipo cross-site scripting (XSS) en el componente tiki-browse_categories.php. Esta vulnerabilidad permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada en el módulo Create category • https://github.com/r0ck3t1973/xss_payload/issues/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-29254
https://notcve.org/view.php?id=CVE-2020-29254
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. • https://github.com/S1lkys/CVE-2020-29254 https://github.com/S1lkys/CVE-2020-29254/blob/main/Tiki-Wiki%2021.2%20by%20Maximilian%20Barz.pdf https://youtu.be/Uc3sRBitu50 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-8966 – Cross Site Scripting (XSS) flaws found in Tiki-Wiki CMS software
https://notcve.org/view.php?id=CVE-2020-8966
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page. Se presenta una vulnerabilidad de Neutralización Inapropiada de Etiquetas HTML Relacionadas con Scripts en una Página Web (vulnerabilidad XSS Básica) en las páginas web php de Tiki-Wiki Groupware. Tiki-Wiki CMS todas las versiones hasta 20.0 permite a usuarios maliciosos causar la inyección de fragmentos de código malicioso (scripts) en una página web legítima. • https://sourceforge.net/p/tikiwiki/code/75455 https://www.incibe-cert.es/en/early-warning/security-advisories/cross-site-scripting-xss-flaws-found-tiki-wiki-cms-software • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2013-6022
https://notcve.org/view.php?id=CVE-2013-6022
A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Tiki Wiki CMG Groupware versión 11.0, por medio del id paraZeroClipboard.swf, lo que podría permitir a un usuario malicioso remoto ejecutar código arbitrario. • http://www.kb.cert.org/vuls/id/450646 http://www.securityfocus.com/bid/63463 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •