CVE-2010-4241
https://notcve.org/view.php?id=CVE-2010-4241
Tiki Wiki CMS Groupware 5.2 has CSRF Tiki Wiki CMS Groupware versión 5.2, tiene una vulnerabilidad de tipo CSRF • https://access.redhat.com/security/cve/cve-2010-4241 https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt https://security-tracker.debian.org/tracker/CVE-2010-4241 https://www.openwall.com/lists/oss-security/2010/11/22/9 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-15314
https://notcve.org/view.php?id=CVE-2019-15314
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. El archivo tiki/tiki-upload_file.php en Tiki versión 18.4, permite a atacantes remotos cargar código JavaScript que es ejecutado al visitar un URI tiki/tiki-download_file.php?display&fileId=. • https://pastebin.com/wEM7rnG7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-20719
https://notcve.org/view.php?id=CVE-2018-20719
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter. En Tiki en versiones anteriores a la 17.2, el componente "user task" es vulnerable a una inyección SQL mediante el parámetro show_history en tiki-user_tasks.php. • https://blog.ripstech.com/2018/scan-verify-patch-security-issues-in-minutes • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-14849
https://notcve.org/view.php?id=CVE-2018-14849
Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. Tiki en versiones anteriores a la 18.2, 15.7 y 12.14 tiene Cross-Site Scripting (XSS) mediante los atributos link relacionados con lib/core/WikiParser/OutputLink.php y lib/parser/parserlib.php. • http://www.openwall.com/lists/oss-security/2018/08/02/1 http://www.openwall.com/lists/oss-security/2018/08/02/2 https://sourceforge.net/p/tikiwiki/code/66809 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-14850
https://notcve.org/view.php?id=CVE-2018-14850
Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image. Vulnerabilidades Cross-Site Scripting (XSS) persistente en Tiki en versiones anteriores a la 18.2, 15.7 y 12.14 permiten que un usuario autenticado inyecte código JavaScript para obtener privilegios de administrador si un administrador abre una página wiki y mueve el cursor del ratón a un enlace modificado o una imagen thumb. • http://www.openwall.com/lists/oss-security/2018/08/02/1 http://www.openwall.com/lists/oss-security/2018/08/02/2 https://sourceforge.net/p/tikiwiki/code/66990 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •