Vulnerabilities > Tiki > Tikiwiki CMS Groupware > 1.6.1

DATE CVE VULNERABILITY TITLE RISK
2020-04-01 CVE-2020-8966 Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware.
network
tiki CWE-79
4.3
2020-02-12 CVE-2013-6022 Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware
A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMS Groupware 11.0 via the id parameter to ZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.
network
tiki CWE-79
4.3
2020-01-15 CVE-2011-4336 Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
network
tiki CWE-79
4.3
2019-01-15 CVE-2018-20719 SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.
network
low complexity
tiki CWE-89
6.5
2018-02-16 CVE-2018-7188 Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
network
tiki CWE-79
3.5
2018-02-06 CVE-2016-7394 Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware
Tiki Wiki CMS Groupware <=15.2 has an XSS vulnerability that allows attackers to steal a user's cookie.
network
tiki CWE-79
4.3
2012-10-01 CVE-2011-4551 Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
network
tiki CWE-79
4.3
2012-07-12 CVE-2012-3996 Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
network
low complexity
tiki CWE-200
5.0
2009-08-24 CVE-2003-1574 Improper Authentication vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature.
network
low complexity
tiki CWE-287
7.5
2008-12-03 CVE-2008-5319 Multiple Unspecified vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653.
network
low complexity
tiki
5.0