CVE-2020-8966
MEDIUMTiki-Wiki CMS < 20.0 - Cross-Site Scripting in PHP Webpages
Title source: llmDescription
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware. Tiki-Wiki CMS all versions through 20.0 allows malicious users to cause the injection of malicious code fragments (scripts) into a legitimate web page.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://www.incibe-cert.es/en/early-warning/security-advisories/cross-site-scripting-xss-flaws-found-tiki-wiki-cms-software
Patch x_refsource_confirm
https://sourceforge.net/p/tikiwiki/code/75455
Scores
CVSS v3
6.5
EPSS
0.0085
EPSS Percentile
53.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-80
CWE-79
Status
published
Products (1)
tiki/tikiwiki_cms\/groupware
< 20.0
Published
Apr 01, 2020
Tracked Since
Feb 18, 2026