CVE-2010-4241
https://notcve.org/view.php?id=CVE-2010-4241
Tiki Wiki CMS Groupware 5.2 has a CSRF vulnerability.
References:
https://access.redhat.com/security/cve/cve-2010-4241
https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt
https://security-tracker.debian.org/tracker/CVE-2010-4241
https://www.openwall.com/lists/oss-security/2010/11/22/9
CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-20719
https://notcve.org/view.php?id=CVE-2018-20719
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.
References:
https://blog.ripstech.com/2018/scan-verify-patch-security-issues-in-minutes
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-14849
https://notcve.org/view.php?id=CVE-2018-14849
Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.
References:
http://www.openwall.com/lists/oss-security/2018/08/02/1
http://www.openwall.com/lists/oss-security/2018/08/02/2
https://sourceforge.net/p/tikiwiki/code/66809
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-14850
https://notcve.org/view.php?id=CVE-2018-14850
Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image.
References:
http://www.openwall.com/lists/oss-security/2018/08/02/1
http://www.openwall.com/lists/oss-security/2018/08/02/2
https://sourceforge.net/p/tikiwiki/code/66990
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-7290
https://notcve.org/view.php?id=CVE-2018-7290
Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1.
References:
http://www.openwall.com/lists/oss-security/2018/03/08/5
https://sourceforge.net/p/tikiwiki/code/65537
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')