
CVE-2020-16131
https://notcve.org/view.php?id=CVE-2020-16131
03 Aug 2020 — Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php. • https://gitlab.com/tikiwiki/tiki/-/commit/d12d6ea7b025d3b3f81c8a71063fe9f89e0c4bf1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-8966 – Cross Site Scripting (XSS) flaws found in Tiki-Wiki CMS software
https://notcve.org/view.php?id=CVE-2020-8966
01 Apr 2020 — There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page. • https://sourceforge.net/p/tikiwiki/code/75455 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVE-2013-6022
https://notcve.org/view.php?id=CVE-2013-6022
12 Feb 2020 — A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMS Groupware 11.0 via the id parameter to ZeroClipboard.swf, which could let a remote malicious user execute arbitrary code. • http://www.kb.cert.org/vuls/id/450646 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-4558 – Tiki Wiki CMS Groupware 8.2 - 'snarf_ajax.php' Remote PHP Code Injection
https://notcve.org/view.php?id=CVE-2011-4558
27 Jan 2020 — Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. • https://www.exploit-db.com/exploits/18265 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2011-4336 – Tiki Wiki CMS Groupware 7.2 - 'snarf_ajax.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4336
15 Jan 2020 — Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php. • https://www.exploit-db.com/exploits/35974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-4455
https://notcve.org/view.php?id=CVE-2011-4455
20 Nov 2019 — Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php. • https://packetstormsecurity.com/files/107082/Tiki-Wiki-CMS-Groupware-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-4454
https://notcve.org/view.php?id=CVE-2011-4454
20 Nov 2019 — Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index. • https://packetstormsecurity.com/files/107082/Tiki-Wiki-CMS-Groupware-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-4239
https://notcve.org/view.php?id=CVE-2010-4239
28 Oct 2019 — Tiki Wiki CMS Groupware 5.2 has Local File Inclusion. • https://access.redhat.com/security/cve/cve-2010-4239 • CWE-20: Improper Input Validation

CVE-2010-4240
https://notcve.org/view.php?id=CVE-2010-4240
28 Oct 2019 — Tiki Wiki CMS Groupware 5.2 has XSS. • https://access.redhat.com/security/cve/cve-2010-4240 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-4241
https://notcve.org/view.php?id=CVE-2010-4241
28 Oct 2019 — Tiki Wiki CMS Groupware 5.2 has CSRF. • https://access.redhat.com/security/cve/cve-2010-4241 • CWE-352: Cross-Site Request Forgery (CSRF)