CVE-2020-8966 – Cross Site Scripting (XSS) flaws found in Tiki-Wiki CMS software
https://notcve.org/view.php?id=CVE-2020-8966
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the PHP web pages of Tiki-Wiki Groupware. Tiki-Wiki CMS, all versions through 20.0, allows malicious users to inject malicious code fragments (scripts) into a legitimate web page.
• https://sourceforge.net/p/tikiwiki/code/75455
• https://www.incibe-cert.es/en/early-warning/security-advisories/cross-site-scripting-xss-flaws-found-tiki-wiki-cms-software
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2013-6022
https://notcve.org/view.php?id=CVE-2013-6022
A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.
• http://www.kb.cert.org/vuls/id/450646
• http://www.securityfocus.com/bid/63463
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4336 – Tiki Wiki CMS Groupware 7.2 - 'snarf_ajax.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4336
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
• https://www.exploit-db.com/exploits/35974
• https://seclists.org/bugtraq/2011/Nov/140
• https://www.securityfocus.com/bid/48806/info
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-4239
https://notcve.org/view.php?id=CVE-2010-4239
Tiki Wiki CMS Groupware 5.2 has a Local File Inclusion vulnerability.
• https://access.redhat.com/security/cve/cve-2010-4239
• https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt
• https://security-tracker.debian.org/tracker/CVE-2010-4239
• https://www.openwall.com/lists/oss-security/2010/11/22/9
• CWE-20: Improper Input Validation
CVE-2010-4240
https://notcve.org/view.php?id=CVE-2010-4240
Tiki Wiki CMS Groupware 5.2 has an XSS vulnerability.
• https://access.redhat.com/security/cve/cve-2010-4240
• https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt
• https://security-tracker.debian.org/tracker/CVE-2010-4240
• https://www.openwall.com/lists/oss-security/2010/11/22/9
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')