Tiki: >> Tikiwiki Cms/groupware >> 18.1 Security Vulnerabilities
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-04-01
Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-08-13
Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image.
CVSS Score
5.4
EPSS Score
0.004
Published
2018-08-13