BDSA-2024-7876 |
|
High |
Oct 29, 2024 |
Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description.
**Note: CVE details have been utilized in generating this advisory. The details of the vulnerability have not been independently verified by Black Duck CyRC.**
|
|
BDSA-2024-7875 |
|
High |
Oct 29, 2024 |
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name.
**Note: CVE details have been utilized in generating this advisory. The details of the vulnerability have not been independently verified by Black Duck CyRC.**
|
|
BDSA-2024-7874 |
|
High |
Oct 29, 2024 |
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index.
**Note: CVE details have been utilized in generating this advisory. The details of the vulnerability have not been independently verified by Black Duck CyRC.**
|
|
BDSA-2024-7872 |
|
High |
Oct 29, 2024 |
Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored cross-site scripting (XSS) payload in the Name.
**Note: CVE details have been utilized in generating this advisory. The details of the vulnerability have not been independently verified by Black Duck CyRC.**
|
|
BDSA-2024-10311 |
|
High |
Dec 31, 2024 |
Tiki Wiki CMS is vulnerable to improper neutralization of script-related HTML tags in a web page due to insufficient sanitization of user input. This could allow an attacker to inject malicious scripts, potentially leading to unauthorized actions or data theft.
**Note: The authoring of this BDSA has been AI-assisted. The full technical details of the vulnerability have not been independently verified by the Black Duck Cybersecurity Research Center (CyRC).**
|
|
BDSA-2024-10310 |
|
High |
Dec 31, 2024 |
Tiki Wiki CMS is vulnerable to cross-site scripting due to improper neutralization of input during web page generation. This could allow an attacker to inject malicious scripts, potentially leading to unauthorized actions or data theft.
**Note: The authoring of this BDSA has been AI-assisted. The full technical details of the vulnerability have not been independently verified by the Black Duck Cybersecurity Research Center (CyRC).**
|
|
BDSA-2024-10309 |
|
High |
Dec 31, 2024 |
Tiki Wiki CMS is vulnerable to improper neutralization of special elements used in an OS command due to inadequate input sanitization in command execution functionality. This could allow an attacker to execute arbitrary OS commands, potentially leading to unauthorized access or control over the target system.
**Note: The authoring of this BDSA has been AI-assisted. The full technical details of the vulnerability have not been independently verified by the Black Duck Cybersecurity Research Center (CyRC).**
|
|