Vulnerabilities > Tiki
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-26 | CVE-2017-9145 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS. | 4.3 |
| 2017-05-31 | CVE-2017-9305 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 16.2 lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php. | 4.3 |
| 2017-01-20 | CVE-2016-10143 | Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware 15.2 A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field. | 5.0 |
| 2016-12-23 | CVE-2016-9889 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.php and article_image.php. | 4.3 |
| 2013-11-06 | CVE-2013-4715 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2013-11-06 | CVE-2013-4714 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-10-08 | CVE-2012-5321 | Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware 8.3 tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection." | 5.8 |
| 2012-10-01 | CVE-2011-4551 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters. | 4.3 |
| 2012-07-12 | CVE-2012-3996 | Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php. | 5.0 |
| 2012-07-12 | CVE-2012-0911 | Deserialization of Untrusted Data vulnerability in Tiki Tikiwiki Cms/Groupware TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function. | 9.8 |