Vulnerabilities > Tiki > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-28 | CVE-2021-36551 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 21.4 TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. | 3.5 |
| 2021-10-28 | CVE-2021-36550 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 21.4 TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. | 3.5 |
| 2019-08-22 | CVE-2019-15314 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 18.4 tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. | 3.5 |
| 2018-08-13 | CVE-2018-14849 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. | 3.5 |
| 2018-08-13 | CVE-2018-14850 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image. | 3.5 |
| 2018-03-09 | CVE-2018-7290 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1. | 3.5 |
| 2018-02-21 | CVE-2018-7302 | Cross-site Scripting vulnerability in Tiki 17.1 Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS. | 3.5 |
| 2018-02-21 | CVE-2018-7303 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 17.1 The Calendar component in Tiki 17.1 allows HTML injection. | 3.5 |
| 2018-02-16 | CVE-2018-7188 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php. | 3.5 |