Tiki: >> Tikiwiki Cms/groupware >> 10.4 Security Vulnerabilities
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-04-01
A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-02-12
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-01-15
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
CVSS Score
5.4
EPSS Score
0.003
Published
2018-02-16
tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-02-06