Shodan
Vulnerabilities
Vulnerable Software
Tiki:  Security Vulnerabilities
CVE-2024-51506
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-10-28
CVE-2024-51507
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-10-28
CVE-2024-51508
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-10-28
CVE-2024-51509
Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-10-28
CVE-2023-22851
Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call.
CVSS Score
7.2
EPSS Score
0.003
Published
2023-01-14
CVE-2023-22850
Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call.
CVSS Score
8.8
EPSS Score
0.01
Published
2023-01-14
CVE-2023-22852
Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-01-14
CVE-2023-22853
Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval.
CVSS Score
8.8
EPSS Score
0.007
Published
2023-01-14
CVE-2021-36550
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-28
CVE-2021-36551
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved