Vulnerabilities > Tiki > Tikiwiki CMS Groupware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-11 | CVE-2020-29254 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tikiwiki Cms/Groupware 21.2 TikiWiki 21.2 allows templates to be edited without CSRF protection. | 6.8 |
| 2020-04-01 | CVE-2020-8966 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. | 4.3 |
| 2020-02-12 | CVE-2013-6022 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code. | 4.3 |
| 2020-01-15 | CVE-2011-4336 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php. | 4.3 |
| 2019-10-28 | CVE-2010-4241 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tikiwiki Cms/Groupware 5.2 Tiki Wiki CMS Groupware 5.2 has CSRF | 6.8 |
| 2019-10-28 | CVE-2010-4240 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 5.2 Tiki Wiki CMS Groupware 5.2 has XSS | 4.3 |
| 2019-01-15 | CVE-2018-20719 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter. | 6.5 |
| 2018-02-06 | CVE-2016-7394 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie. | 4.3 |
| 2017-09-30 | CVE-2017-14925 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tikiwiki Cms/Groupware Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. | 6.0 |
| 2017-09-30 | CVE-2017-14924 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tikiwiki Cms/Groupware Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php. | 6.0 |