CVE-2004-1924

Tiki CMS/Groupware < 1.8.1 - Cross-Site Scripting via Multiple Parameters


Exploitation Summary

EIP tracks 12 public exploits for CVE-2004-1924. PoCs published by JeiAr.

AI-analyzed exploit summary: The provided text describes multiple vulnerabilities in TikiWiki, including XSS via the 'faqId' parameter in 'tiki-view_faq.php'. However, it lacks executable exploit code, making it a vulnerability writeup rather than a functional PoC.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php, (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php.

Exploits (12)

exploitdb · WRITEUP · VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23961

The provided text describes multiple vulnerabilities in TikiWiki, including XSS via the 'faqId' parameter in 'tiki-view_faq.php'. However, it lacks executable exploit code, making it a vulnerability writeup rather than a functional PoC.

Classification: Writeup (80%)
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki (version not specified)
Authentication: none needed
Prerequisites: Access to the vulnerable TikiWiki instance
MITRE ATT&CK: none listed
Analyzed by devstral-2 on Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23962

The provided text describes multiple vulnerabilities in TikiWiki CMS, including XSS via the 'chartId' parameter in 'tiki-view_chart.php'. However, no functional exploit code is present.

Classification: Writeup (80%)
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki CMS (version not specified)
Authentication: none needed
Prerequisites: Access to the vulnerable TikiWiki instance
MITRE ATT&CK: none listed
Analyzed by devstral-2 on Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23960

The provided text describes multiple vulnerabilities in TikiWiki CMS, including XSS via the 'galleryId' parameter in 'tiki-upload_file.php'. However, no functional exploit code is present.

Classification: Writeup (80%)
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki CMS (version not specified)
Authentication: none needed
Prerequisites: Access to the vulnerable TikiWiki instance
MITRE ATT&CK: none listed
Analyzed by devstral-2 on Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23947

The provided text describes multiple vulnerabilities in TikiWiki CMS, including XSS via the 'theme' parameter in tiki-switch_theme.php. However, no functional exploit code is present, only a reference to a potential XSS vector.

Classification: Writeup (80%)
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki CMS (version not specified)
Authentication: none needed
Prerequisites: Access to the vulnerable TikiWiki instance
MITRE ATT&CK: none listed
Analyzed by devstral-2 on Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23955

The provided text describes multiple vulnerabilities in TikiWiki CMS, including XSS via the 'articleId' parameter in 'tiki-read_article.php'. However, it lacks executable exploit code, making it a vulnerability writeup rather than a functional PoC.

Classification: Writeup (80%)
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki CMS (version not specified)
Authentication: none needed
Prerequisites: Access to the vulnerable TikiWiki instance
MITRE ATT&CK: none listed
Analyzed by devstral-2 on Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23958

The provided text describes multiple vulnerabilities in TikiWiki CMS, including XSS via the 'articleId' parameter in 'tiki-print_article.php'. However, it lacks executable exploit code, making it a vulnerability writeup rather than a functional PoC.

Classification: Writeup (80%)
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki CMS (version not specified)
Authentication: none needed
Prerequisites: Access to the vulnerable TikiWiki instance
MITRE ATT&CK: none listed
Analyzed by devstral-2 on Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23959

The provided text describes multiple vulnerabilities in TikiWiki CMS, including XSS via the 'galleryId' parameter in 'tiki-list_file_gallery.php'. However, it lacks executable exploit code, making it a vulnerability writeup rather than a functional PoC.

Classification: Writeup (80%)
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki CMS (version not specified)
Authentication: none needed
Prerequisites: Access to the vulnerable TikiWiki instance
MITRE ATT&CK: none listed
Analyzed by devstral-2 on Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23957

The provided text describes multiple vulnerabilities in TikiWiki, including XSS via the 'page' and 'comments_threshold' parameters in tiki-index.php. No actual exploit code is present, only a reference to a SecurityFocus advisory.

Classification: Writeup (80%)
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki (version not specified)
Authentication: none needed
Prerequisites: Access to tiki-index.php with vulnerable parameters
MITRE ATT&CK: none listed
Analyzed by devstral-2 on Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23956

The provided text describes multiple vulnerabilities in TikiWiki CMS, including XSS via the 'parentId' parameter in 'tiki-browse_categories.php'. However, it lacks executable exploit code, making it a vulnerability writeup rather than a functional PoC.

Classification: Writeup (80%)
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: TikiWiki CMS (version unspecified)
Authentication: none needed
Prerequisites: Access to the vulnerable TikiWiki instance
MITRE ATT&CK: none listed
Analyzed by devstral-2 on Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23954

The provided text describes multiple vulnerabilities in an unspecified application, including XSS, SQL injection, and directory traversal. It lists example URLs for XSS exploitation in a 'messu-read.php' script but lacks executable exploit code.

Classification: Writeup (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: Unspecified web application (likely a PHP-based system)
Authentication: none needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK: none listed
Analyzed by devstral-2 on Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/23953

The provided text describes multiple vulnerabilities in an unspecified application, including XSS, SQL injection, and directory traversal. It includes example URLs demonstrating XSS in messu-mailbox.php but lacks executable exploit code.

Classification: Writeup (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: Unknown (likely a web application with messu-mailbox.php)
Authentication: none needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK: none listed
Analyzed by devstral-2 on Feb 16, 2026

exploitdb · WRITEUP
webapps · php
https://www.exploit-db.com/exploits/43809

This is a detailed technical writeup describing multiple vulnerabilities in TikiWiki CMS/Groupware, including path disclosure, XSS, SQL injection, code injection, directory traversal, and arbitrary file upload. It provides specific examples of vulnerable parameters and attack vectors.

Classification: Writeup (100%)
Attack Type: SQLi, XSS, Info Leak, Auth Bypass, Other
Complexity: Moderate
Reliability: Reliable
Target: TikiWiki CMS/Groupware <= 1.8.1
Authentication: none needed
Prerequisites: Access to vulnerable TikiWiki instance
Analyzed by devstral-2 on Feb 19, 2026

References (5)

Core References

Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15846

Exploit, Patch, Vendor Advisory (vdb-entry, x_refsource_bid)
http://www.securityfocus.com/bid/10100

Mailing List (mailing-list, x_refsource_bugtraq)
http://marc.info/?l=bugtraq&m=108180073206947&w=2

Vendor Advisory (third-party-advisory, x_refsource_secunia)
http://secunia.com/advisories/11344

Scores

EPSS: 0.0180
EPSS Percentile: 75.6%

Details

CWE: CWE-79
Status: published
Products (2):
tiki/tikiwiki_cms/groupware 1.6.1
tiki/tikiwiki_cms/groupware < 1.8.1
Published: Apr 11, 2004
Tracked Since: Feb 18, 2026