Vulnerabilities > Tiki > Tikiwiki CMS Groupware > 10.2

DATE CVE VULNERABILITY TITLE RISK
2020-04-01 CVE-2020-8966 Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware.
network
tiki CWE-79
4.3
4.3
2020-02-12 CVE-2013-6022 Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware
A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.
network
tiki CWE-79
4.3
4.3
2019-01-15 CVE-2018-20719 SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.
network
low complexity
tiki CWE-89
6.5
6.5
2018-02-16 CVE-2018-7188 Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
network
tiki CWE-79
3.5
3.5
2018-02-06 CVE-2016-7394 Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware
tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie.
network
tiki CWE-79
4.3
4.3
2013-11-06 CVE-2013-4715 SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware
SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
tiki CWE-89
7.5
7.5
2013-11-06 CVE-2013-4714 Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware
Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
tiki CWE-79
4.3
4.3