Filtered by vendor Tiki Subscriptions
Filtered by product Tikiwiki Cms\/groupware Subscriptions

Search

Switch to Advanced Search (Beta)
Total 73 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-15314 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 N/A
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
CVE-2018-7303 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 N/A
The Calendar component in Tiki 17.1 allows HTML injection.
CVE-2018-7290 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 N/A
Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1.
CVE-2018-7188 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 N/A
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
CVE-2018-20719 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 N/A
In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.
CVE-2018-14850 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 N/A
Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image.
CVE-2018-14849 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 N/A
Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.
CVE-2016-7394 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 N/A
tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie.
CVE-2013-6022 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 6.1 Medium
A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.
CVE-2011-4336 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 6.1 Medium
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
CVE-2010-4241 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 8.8 High
Tiki Wiki CMS Groupware 5.2 has CSRF
CVE-2010-4240 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 6.1 Medium
Tiki Wiki CMS Groupware 5.2 has XSS
CVE-2010-4239 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 9.8 Critical
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion