CVE-2017-9145

MEDIUM

Tiki Wiki CMS Groupware <16.x - XSS

Title source: llm

Description

TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.

References (1)

Scores

CVSS v3 6.1
EPSS 0.0024
EPSS Percentile 47.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (24)
tiki/tikiwiki_cms\/groupware
tiki/tikiwiki_cms\/groupware
tiki/tikiwiki_cms\/groupware
tiki/tikiwiki_cms\/groupware
tiki/tikiwiki_cms\/groupware
tiki/tikiwiki_cms\/groupware
tiki/tikiwiki_cms\/groupware
tiki/tikiwiki_cms\/groupware
tiki/tikiwiki_cms\/groupware
tiki/tikiwiki_cms\/groupware
... and 14 more
Published Jun 26, 2017
Tracked Since Feb 18, 2026