CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. • https://pastebin.com/wEM7rnG7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter. • https://blog.ripstech.com/2018/scan-verify-patch-security-issues-in-minutes • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.4 | EPSS: 0% | CPEs: 3 | EXPL: 0

Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. • http://www.openwall.com/lists/oss-security/2018/08/02/1 http://www.openwall.com/lists/oss-security/2018/08/02/2 https://sourceforge.net/p/tikiwiki/code/66809 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 3 | EXPL: 0

Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image. • http://www.openwall.com/lists/oss-security/2018/08/02/1 http://www.openwall.com/lists/oss-security/2018/08/02/2 https://sourceforge.net/p/tikiwiki/code/66990 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 4 | EXPL: 0

Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1. • http://www.openwall.com/lists/oss-security/2018/03/08/5 https://sourceforge.net/p/tikiwiki/code/65537 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')