Vulnerabilities > Tiki > Tikiwiki CMS Groupware > 17.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-01 | CVE-2020-8966 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. | 4.3 |
| 2019-01-15 | CVE-2018-20719 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter. | 6.5 |
| 2018-03-09 | CVE-2018-7290 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1. | 3.5 |
| 2018-02-21 | CVE-2018-7303 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 17.1 The Calendar component in Tiki 17.1 allows HTML injection. | 3.5 |
| 2018-02-16 | CVE-2018-7188 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php. | 3.5 |