Vulnerabilities > Tiki > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-22 | CVE-2019-15314 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 18.4 tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. | 5.4 |
| 2018-08-13 | CVE-2018-14850 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image. | 5.4 |
| 2018-08-13 | CVE-2018-14849 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. | 5.4 |
| 2018-03-09 | CVE-2018-7290 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1. | 5.4 |
| 2018-02-21 | CVE-2018-7303 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 17.1 The Calendar component in Tiki 17.1 allows HTML injection. | 5.4 |
| 2018-02-21 | CVE-2018-7302 | Cross-site Scripting vulnerability in Tiki 17.1 Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS. | 5.4 |
| 2018-02-16 | CVE-2018-7188 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php. | 5.4 |
| 2018-02-06 | CVE-2016-7394 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie. | 6.1 |
| 2017-06-26 | CVE-2017-9145 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS. | 6.1 |
| 2017-05-31 | CVE-2017-9305 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 16.2 lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php. | 6.1 |