CVE-2011-4336 – Tiki Wiki CMS Groupware 7.2 - 'snarf_ajax.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4336
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php. • https://www.exploit-db.com/exploits/35974 https://seclists.org/bugtraq/2011/Nov/140 https://www.securityfocus.com/bid/48806/info • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-4239
https://notcve.org/view.php?id=CVE-2010-4239
Tiki Wiki CMS Groupware 5.2 has a Local File Inclusion vulnerability. • https://access.redhat.com/security/cve/cve-2010-4239 https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt https://security-tracker.debian.org/tracker/CVE-2010-4239 https://www.openwall.com/lists/oss-security/2010/11/22/9 • CWE-20: Improper Input Validation
CVE-2010-4240
https://notcve.org/view.php?id=CVE-2010-4240
Tiki Wiki CMS Groupware 5.2 has an XSS vulnerability. • https://access.redhat.com/security/cve/cve-2010-4240 https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt https://security-tracker.debian.org/tracker/CVE-2010-4240 https://www.openwall.com/lists/oss-security/2010/11/22/9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-4241
https://notcve.org/view.php?id=CVE-2010-4241
Tiki Wiki CMS Groupware 5.2 has a CSRF vulnerability. • https://access.redhat.com/security/cve/cve-2010-4241 https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt https://security-tracker.debian.org/tracker/CVE-2010-4241 https://www.openwall.com/lists/oss-security/2010/11/22/9 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-15314
https://notcve.org/view.php?id=CVE-2019-15314
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. • https://pastebin.com/wEM7rnG7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')