CVE-2011-4551

Tikiwiki Cms/groupware < 8.1 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stefan Schurtz · textwebappsphp

https://www.exploit-db.com/exploits/36470

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://info.tiki.org/article183-Tiki-Wiki-CMS-Groupware-8-2-and-6-5LTS-Security-Patches-Available

[Vendor Advisory] http://secunia.com/advisories/47278

[Various Sources] http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-07.txt

[Third Party Advisory, VDB Entry] http://www.osvdb.org/77966

Scores

EPSS 0.0533

EPSS Percentile 89.9%

Classification

CWE

CWE-79

Status published

Affected Products (25)

tiki/tikiwiki_cms\/groupware < 8.1

tiki/tikiwiki_cms\/groupware

... and 10 more

Timeline

Published Oct 01, 2012

Tracked Since Feb 18, 2026