CVE-2012-5321

NUCLEI

TikiWiki CMS/Groupware 8.3 - XSS

Title source: llm

Description

tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."

Exploits (2)

exploitdb WRITEUP VERIFIED

by sonyy · textwebappsphp

https://www.exploit-db.com/exploits/36848

View Code ZIP pw:eip

nomisec SCANNER

by Cappricio-Securities · poc

https://github.com/Cappricio-Securities/CVE-2012-5321

View Code ZIP pw:eip

Nuclei Templates (1)

TikiWiki CMS Groupware v8.3 - Open Redirect

MEDIUMby ctflearner

Shodan: http.html:"tiki wiki"

FOFA: body="tiki wiki"

References (6)

[Vendor Advisory] http://secunia.com/advisories/48102

[Exploit] http://st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html

[Exploit] http://www.securityfocus.com/bid/52079

[Exploit] http://www.securitytracker.com/id?1026708

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/73403

[Third Party Advisory, VDB Entry] http://osvdb.org/79409

Scores

EPSS 0.2314

EPSS Percentile 95.9%

Details

CWE

CWE-20

Status published

Products (1)

tiki/tikiwiki_cms\/groupware 8.3

Published Oct 08, 2012

Tracked Since Feb 18, 2026