Vulnerabilities > Tiki > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-14 | CVE-2023-22852 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php. | 6.5 |
| 2020-12-11 | CVE-2020-29254 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tikiwiki Cms/Groupware 21.2 TikiWiki 21.2 allows templates to be edited without CSRF protection. | 6.8 |
| 2020-08-03 | CVE-2020-16131 | Cross-site Scripting vulnerability in Tiki Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php. | 4.3 |
| 2020-04-01 | CVE-2020-8966 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. | 4.3 |
| 2020-02-12 | CVE-2013-6022 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code. | 4.3 |
| 2020-01-27 | CVE-2011-4558 | Injection vulnerability in Tiki Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. | 6.0 |
| 2020-01-15 | CVE-2011-4336 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php. | 4.3 |
| 2019-11-20 | CVE-2011-4455 | Cross-site Scripting vulnerability in Tiki Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php. | 4.3 |
| 2019-11-20 | CVE-2011-4454 | Cross-site Scripting vulnerability in Tiki Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index. | 4.3 |
| 2019-10-28 | CVE-2010-4241 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tikiwiki Cms/Groupware 5.2 Tiki Wiki CMS Groupware 5.2 has CSRF | 6.8 |