Sheela Sarva - Security Researcher - Exploit Intelligence Platform

CVE-2024-46878 NOMISEC MEDIUM WRITEUP

Tiki <=26.3 - XSS

A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions.

CVSS 5.4

View Code

CVE-2024-46879 NOMISEC MEDIUM WORKING POC

Tiki 21.2 - XSS

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POST request data zipPath of tiki-admin_system.php in Tiki version 21.2. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions.

CVSS 5.4

View Code

CVE-2024-46878 WRITEUP MEDIUM WRITEUP

Tiki <=26.3 - XSS

A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions.

CVSS 5.4

View Code

CVE-2024-46879 WRITEUP MEDIUM WORKING POC

Tiki 21.2 - XSS

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POST request data zipPath of tiki-admin_system.php in Tiki version 21.2. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions.

CVSS 5.4

View Code