Description
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Stefan Schurtz · textwebappsphp
https://www.exploit-db.com/exploits/36470
References (4)
Core 4
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47278
Vendor Advisory x_refsource_confirm
http://info.tiki.org/article183-Tiki-Wiki-CMS-Groupware-8-2-and-6-5LTS-Security-Patches-Available
Various Sources x_refsource_misc
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-07.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/77966
Scores
EPSS
0.0533
EPSS Percentile
90.2%
Details
CWE
CWE-79
Status
published
Products (24)
tiki/tikiwiki_cms\/groupware
2.2
tiki/tikiwiki_cms\/groupware
3.0
tiki/tikiwiki_cms\/groupware
3.1
tiki/tikiwiki_cms\/groupware
3.2
tiki/tikiwiki_cms\/groupware
3.3
tiki/tikiwiki_cms\/groupware
3.4
tiki/tikiwiki_cms\/groupware
3.5
tiki/tikiwiki_cms\/groupware
4
tiki/tikiwiki_cms\/groupware
4.0
tiki/tikiwiki_cms\/groupware
4.1
... and 14 more
Published
Oct 01, 2012
Tracked Since
Feb 18, 2026