Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index.
CVSS 6.1 | AI Score 6.1 | EPSS 0.001
Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php.
CVSS 6.1 | AI Score 6.1 | EPSS 0.001
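Both path-info entries above describe the same mechanism: a script echoes the request path (typically `$_SERVER['PHP_SELF']`, which includes everything after the script name) into a form action or link without encoding. The snippet below is an added example, not Tiki's code; the request values are constructed inline so it runs from the CLI.

```php
<?php
// Added example (not Tiki's code): how PATH_INFO reaches the page unescaped
// through PHP_SELF, and two ways to neutralise it. Request values are constructed.

$_SERVER['PHP_SELF']    = '/tiki-login_scr.php/"><script>alert(1)</script>';
$_SERVER['SCRIPT_NAME'] = '/tiki-login_scr.php';

// Vulnerable pattern: PHP_SELF carries the attacker's path info verbatim,
// so the closing quote and the injected tag land in the page as markup.
function form_action_vulnerable(): string {
    return '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
}

// Fix 1: keep PHP_SELF but HTML-encode it before it enters an attribute.
function form_action_escaped(): string {
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

// Fix 2: use SCRIPT_NAME, which never includes path info, and still encode it.
function form_action_hardened(): string {
    $action = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

echo form_action_vulnerable(), PHP_EOL;
echo form_action_escaped(), PHP_EOL;
echo form_action_hardened(), PHP_EOL;
```

The escaped variant is safe in an attribute context but still echoes attacker-chosen text into the page; the second fix removes the attacker's bytes altogether and is the one to prefer when the script only needs to post back to itself.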
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
CVSS 7.2 | AI Score 7.3 | EPSS 0.015
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.
CVSS 5.4 | AI Score 5.8 | EPSS 0.001
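The SVG-in-PNG entry is a content-sniffing problem: the extension and the client-supplied MIME type say PNG, the bytes say XML, and a browser that is handed the file inline will run the SVG's script or event handlers. The check below is an added example, not Tiki's upload code; the two file bodies are constructed.

```php
<?php
// Added example (not Tiki's upload handler): decide by bytes, not by name.
// Both sample bodies are constructed inline.

const PNG_SIGNATURE = "\x89PNG\r\n\x1a\n";

// True only if the file starts with the 8-byte PNG signature.
function looks_like_png(string $bytes): bool {
    return strncmp($bytes, PNG_SIGNATURE, strlen(PNG_SIGNATURE)) === 0;
}

// SVG is XML: an XML prologue or an <svg element near the start is a reject.
function looks_like_svg(string $bytes): bool {
    $head = strtolower(substr(ltrim($bytes, " \t\r\n"), 0, 512));
    return strpos($head, '<svg') !== false || strpos($head, '<?xml') === 0;
}

// Rejects anything whose claimed extension and real content disagree.
function validate_image_upload(string $claimedName, string $bytes): void {
    $ext = strtolower(pathinfo($claimedName, PATHINFO_EXTENSION));
    if ($ext !== 'png') {
        throw new InvalidArgumentException("only .png is accepted, got .$ext");
    }
    if (!looks_like_png($bytes) || looks_like_svg($bytes)) {
        throw new InvalidArgumentException("content of $claimedName is not a PNG");
    }
}

// Constructed inputs: a minimal PNG header, and an SVG renamed to .png.
$realPng  = PNG_SIGNATURE . "\x00\x00\x00\x0dIHDR" . str_repeat("\x00", 17);
$svgAsPng = '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"></svg>';

foreach (['ok.png' => $realPng, 'evil.png' => $svgAsPng] as $name => $body) {
    try {
        validate_image_upload($name, $body);
        echo "$name: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$name: rejected ({$e->getMessage()})\n";
    }
}
```

A signature check is the first gate, not the last: follow it with a real decoder (`getimagesize()` or the image library you already use), store uploads outside the web root or on a separate origin, and serve them with `X-Content-Type-Options: nosniff` so a browser cannot second-guess the declared type.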
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation.
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
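The CSV-injection entry is worth a concrete defence because the dangerous characters are easy to get wrong. Spreadsheets evaluate a cell that begins with `=`, `+`, `-` or `@` (and, through DDE, the tab and carriage-return tricks) as a formula; the exporter has to defuse those before the bytes leave the server. This is an added example with a constructed record, not Tiki's export code.

```php
<?php
// Added example (not Tiki's CSV export): neutralise formula triggers on export.
// The record below is constructed; the payload is the one from the advisory.

// Prefix a formula trigger with an apostrophe so the spreadsheet treats the
// cell as text, then quote the cell (doubling embedded quotes) per RFC 4180.
function csv_escape_cell(string $value): string {
    if ($value !== '' && preg_match('/^[=+\-@\t\r]/', $value)) {
        $value = "'" . $value;
    }
    return '"' . str_replace('"', '""', $value) . '"';
}

function csv_row(array $cells): string {
    return implode(',', array_map('csv_escape_cell', $cells)) . "\r\n";
}

// Constructed export: the advisory's payload sits in the username column.
$rows = [
    ['username', 'realname', 'email'],
    ['user1', "=cmd|' /C calc'!A0", 'user1@example.invalid'],
    ['user2', '+41 22 000 00 00', '-user2@example.invalid'],
];
foreach ($rows as $r) {
    echo csv_row($r);
}
```

The trade-off is visible in the third row: a leading `+` or `-` is also how people write phone numbers and ranges, so the apostrophe shows up in legitimate data. That is the accepted cost; stripping the character instead would silently alter the data, and leaving it alone is exactly the bug the advisory describes.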
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.
CVSS 9.8 | AI Score 9.3 | EPSS 0.009
Tiki before 21.2 allows XSS because [\s/"'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
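The `[\s/"']` entry is about what counts as an attribute separator. An HTML tag parser starts a new attribute name after whitespace, after `/`, and immediately after a closing `"` or `'` of the previous value, so a filter that only looks for whitespace before `on...=` misses `<img/onerror=` and `src="x"onerror=`. The pair of regexes below is an added example of that gap, not the actual PreventXss code; the patterns and samples are constructed.

```php
<?php
// Added example (not Tiki's lib/core/TikiFilter/PreventXss.php): an
// event-handler filter that keys only on whitespace, next to one that treats
// every separator the HTML tokenizer accepts. Patterns and inputs are constructed.

// Naive: requires whitespace before the handler name.
function strip_handlers_naive(string $html): string {
    return preg_replace('/\s(on\w+)\s*=/i', ' x-$1=', $html);
}

// Hardened: whitespace, "/", '"' or "'" may all precede an attribute name.
function strip_handlers_hardened(string $html): string {
    return preg_replace('/([\s\/"\'])(on\w+)\s*=/i', '$1x-$2=', $html);
}

// Constructed samples; the first is the only one the naive filter catches.
$samples = [
    '<img src=x onerror=alert(1)>',
    '<img/src=x/onerror=alert(1)>',
    '<img src="x"onerror=alert(1)>',
    "<img src='x'onerror=alert(1)>",
];
foreach ($samples as $s) {
    printf("%-32s naive: %-36s hardened: %s\n",
        $s, strip_handlers_naive($s), strip_handlers_hardened($s));
}
```

Renaming the attribute rather than deleting it avoids the classic reassembly bypass (`oonerrorn` becoming `onerror` after one deletion pass). Even so, a deny-list regex is a stopgap; the durable fix is an allow-list HTML sanitizer on input plus context-aware encoding on output.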
Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call.
CVSS 8.8 | AI Score 8.9 | EPSS 0.001
Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call.
CVSS 7.2 | AI Score 7.1 | EPSS 0.001
Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.
CVSS 6.5 | AI Score 6.4 | EPSS 0.001
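For the CSRF entry, the missing control is a per-session secret that a cross-site form cannot know, checked with a constant-time comparison and only on POST. The following is an added example, not `tiki-importer.php`; the `ticket` field name and the in-memory session array are assumptions so the script runs from the CLI.

```php
<?php
// Added example (not Tiki's tiki-importer.php): synchroniser-token CSRF check.
// "ticket" as the field name and the $session array are assumptions.

// Issue one random token per session and reuse it for every form in it.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// State-changing actions must be POST and must carry the session's token.
function csrf_check(array $session, array $post, string $method): bool {
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf'] ?? '';
    $given    = $post['ticket'] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

function render_import_form(array &$session): string {
    $t = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="tiki-importer.php" enctype="multipart/form-data">'
         . '<input type="hidden" name="ticket" value="' . $t . '">'
         . '<input type="file" name="importFile"><button>Import</button></form>';
}

$session = [];
echo render_import_form($session), PHP_EOL;

// Constructed requests: the real form, a cross-site form, a guessed token,
// and the real token sent on a GET.
$legit  = ['ticket' => $session['csrf'], 'importFile' => 'blog.xml'];
$forged = ['importFile' => 'blog.xml'];
$guess  = ['ticket' => str_repeat('0', 64), 'importFile' => 'blog.xml'];

var_dump(csrf_check($session, $legit,  'POST'));
var_dump(csrf_check($session, $forged, 'POST'));
var_dump(csrf_check($session, $guess,  'POST'));
var_dump(csrf_check($session, $legit,  'GET'));
```

`hash_equals()` matters here: a plain `==` on the token leaks timing, and PHP's loose comparison can turn a numeric-looking token into an integer compare. Pair the token with `SameSite=Lax` or `Strict` on the session cookie, but do not rely on the cookie attribute alone.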
Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval.
CVSS 8.8 | AI Score 8.9 | EPSS 0.001
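The three object-injection entries (the `unserialize()` calls in `lib/sheet/grid.php` and `tikiimporter_blog_wordpress.php`, and the `eval` in `lib/structures/structlib.php`) share a root cause: stored or submitted text is handed to a PHP facility that instantiates classes or executes source. The script below is an added example, not code from any of those files. `FileCleanup` is a constructed stand-in for a gadget class that the application's autoloader would make reachable, and both payloads are constructed.

```php
<?php
// Added example, not Tiki's grid.php, tikiimporter_blog_wordpress.php or
// structlib.php. FileCleanup and both payloads are constructed.

class FileCleanup {
    public $path = '';
    // A magic method that runs on an attacker-built object the moment
    // unserialize() has created it and the result is discarded.
    public function __destruct() {
        echo "[gadget] __destruct would unlink {$this->path}\n";
    }
}

// Sink 1: unserialize() on stored data. Any loaded class may be instantiated.
function load_sheet_vulnerable(string $blob) {
    return unserialize($blob);
}

// Hardened: forbid class instantiation, then refuse any object that came
// back as __PHP_Incomplete_Class so no magic method can ever run.
function load_sheet_hardened(string $blob): array {
    $data = unserialize($blob, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new UnexpectedValueException('sheet blob is not an array');
    }
    array_walk_recursive($data, function ($v) {
        if (is_object($v)) {
            throw new UnexpectedValueException('objects are not allowed in sheet data');
        }
    });
    return $data;
}

// Sink 2: eval() on source assembled from a user-editable string.
function load_structure_vulnerable(string $stored) {
    eval('$s = ' . $stored . ';');
    return $s;
}

// Hardened: parse a data format instead of executing PHP.
function load_structure_hardened(string $stored): array {
    return json_decode($stored, true, 512, JSON_THROW_ON_ERROR);
}

// Constructed payloads: the first instantiates FileCleanup with a chosen path;
// the second closes the intended assignment and appends its own statements.
$objPayload  = 'a:1:{s:4:"hook";O:11:"FileCleanup":1:{s:4:"path";s:11:"/etc/passwd";}}';
$evalPayload = '[1]; echo "[eval] attacker statements executed\n"; $x = 0';

echo "-- vulnerable unserialize --\n";
load_sheet_vulnerable($objPayload);

echo "-- hardened unserialize --\n";
try {
    load_sheet_hardened($objPayload);
} catch (UnexpectedValueException $e) {
    echo "rejected: {$e->getMessage()}\n";
}

echo "-- vulnerable eval --\n";
load_structure_vulnerable($evalPayload);

echo "-- hardened parse --\n";
try {
    load_structure_hardened($evalPayload);
} catch (JsonException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

`allowed_classes => false` stops the gadget from being built, but the incomplete-class object is still in the data, which is why the hardened loader walks the result and rejects objects outright. When the data really must carry objects, serialize to JSON with an explicit schema instead; there is no safe way to `unserialize()` attacker-influenced bytes into arbitrary classes, and no safe way to `eval()` them at all.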
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, Bu...
CVSS 6.1 | AI Score 6.1 | EPSS 0.001