// For flags

CVE-2012-5321

Tiki Wiki CMS Groupware - 'url' Open Redirection

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

5
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."

tiki-featured_link.php en TikiWiki CMS/Groupware 8.3, permite a atacantes remotos para cargar arbitrarias páginas del sitio web en marcos y llevar a cabo ataques de phishing a través del parámetro url, también conocido como "inyección de marco".

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-02-18 First Exploit
  • 2012-10-08 CVE Reserved
  • 2012-10-08 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Tiki
Search vendor "Tiki"
 Tikiwiki Cms\/groupware
Search vendor "Tiki" for product "Tikiwiki Cms\/groupware"
 8.3
Search vendor "Tiki" for product "Tikiwiki Cms\/groupware" and version "8.3"
-
Affected