CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8966 – Cross Site Scripting (XSS) flaws found in Tiki-Wiki CMS software
https://notcve.org/view.php?id=CVE-2020-8966
01 Apr 2020 — There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page. Se presenta una vulnerabilidad de Neutralización Inapropiada de Etiquetas HTML Relacionadas con Scripts en una Página Web (vulnerabilidad XSS Básica) en las páginas web php de Tiki-Wiki Groupware. Tiki-Wiki CMS todas... • https://sourceforge.net/p/tikiwiki/code/75455 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20719
https://notcve.org/view.php?id=CVE-2018-20719
15 Jan 2019 — In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter. En Tiki en versiones anteriores a la 17.2, el componente "user task" es vulnerable a una inyección SQL mediante el parámetro show_history en tiki-user_tasks.php. • https://blog.ripstech.com/2018/scan-verify-patch-security-issues-in-minutes • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2018-14849
https://notcve.org/view.php?id=CVE-2018-14849
13 Aug 2018 — Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. Tiki en versiones anteriores a la 18.2, 15.7 y 12.14 tiene Cross-Site Scripting (XSS) mediante los atributos link relacionados con lib/core/WikiParser/OutputLink.php y lib/parser/parserlib.php. • http://www.openwall.com/lists/oss-security/2018/08/02/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2018-14850
https://notcve.org/view.php?id=CVE-2018-14850
13 Aug 2018 — Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image. Vulnerabilidades Cross-Site Scripting (XSS) persistente en Tiki en versiones anteriores a la 18.2, 15.7 y 12.14 permiten que un usuario autenticado inyecte código JavaScript para obtener privilegios de administrador si un administrador abre una página wiki y mueve... • http://www.openwall.com/lists/oss-security/2018/08/02/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7290
https://notcve.org/view.php?id=CVE-2018-7290
09 Mar 2018 — Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1. Existe Cross-Site Scripting (XSS) en Tiki, en versiones anteriores a la 12.13, 15.6, 17.2 y la 18.1. • http://www.openwall.com/lists/oss-security/2018/03/08/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7188
https://notcve.org/view.php?id=CVE-2018-7188
16 Feb 2018 — An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php. Una vulnerabilidad de XSS (mediante una imagen SVG) en Tiki, en versiones anteriores a la 18, permite que un usuario autenticado obtenga privilegios de administrador si un administrador abre una página de wiki con una imagen SVG maliciosa. Esto está relacionado con lib/filegals/filegal... • http://openwall.com/lists/oss-security/2018/02/16/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7394
https://notcve.org/view.php?id=CVE-2016-7394
06 Feb 2018 — tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie. tiki wiki cms groupware, en versiones iguales o anteriores a la 15.2, tiene una vulnerabilidad de XSS que permite que atacantes roben las cookies de los usuarios. • https://sourceforge.net/p/tikiwiki/code/59653 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 21EXPL: 0CVE-2017-14924
https://notcve.org/view.php?id=CVE-2017-14924
29 Sep 2017 — Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php. Una vulnerabilidad de Cross-Site Request Forgery (CSRF) mediante un elemento IMG en Tiki en versiones anteriores a 16.3, las versiones 17.x anteriores a 17.1, 12 LTS anteriores a 12.12 LTS y 15 LTS en ver... • http://openwall.com/lists/oss-security/2017/09/28/13 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.0EPSS: 0%CPEs: 21EXPL: 0CVE-2017-14925
https://notcve.org/view.php?id=CVE-2017-14925
29 Sep 2017 — Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site. Una vulnerabilidad de Cross-Site Request Forgery (CSRF) mediante un elemento IMG en Tiki en versi... • http://openwall.com/lists/oss-security/2017/09/28/13 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 23EXPL: 0CVE-2017-9145
https://notcve.org/view.php?id=CVE-2017-9145
26 Jun 2017 — TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS. TikiFilter.php en Tiki Wiki CMS Groupware de las versiones 12.x hasta las 16.x no valida correctamente los parámetros imgsize o lang para evitar Cross-Site Scripting (XSS). • https://sourceforge.net/p/tikiwiki/code/62386 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •