Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by Tiki Wiki
CVE-2024-47920 (GCVE-0-2024-47920)
Vulnerability from nvd – Published: 2024-12-30 09:46 – Updated: 2024-12-30 14:21
VLAI
Title
Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
Impacted products
Date Public
2024-12-30 09:38
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T14:21:27.878043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T14:21:38.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CMS",
"vendor": "Tiki Wiki",
"versions": [
{
"lessThan": "version 28.",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aviv Vinograzki - Peer Security LTD"
}
],
"datePublic": "2024-12-30T09:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTiki Wiki CMS \u2013 CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Tiki Wiki CMS \u2013 CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T09:46:10.708Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to version 28 or later\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Upgrade to version 28 or later"
}
],
"source": {
"advisory": "ILVN-2024-0213",
"discovery": "UNKNOWN"
},
"title": "Tiki Wiki CMS \u2013 CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-47920",
"datePublished": "2024-12-30T09:46:10.708Z",
"dateReserved": "2024-10-06T07:19:12.343Z",
"dateUpdated": "2024-12-30T14:21:38.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47919 (GCVE-0-2024-47919)
Vulnerability from nvd – Published: 2024-12-30 09:43 – Updated: 2024-12-30 16:14
VLAI
Title
Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
Date Public
2024-12-30 09:38
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T16:12:44.096060Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T16:14:07.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CMS",
"vendor": "Tiki Wiki",
"versions": [
{
"lessThan": "version 28.",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aviv Vinograzki - Peer Security LTD"
}
],
"datePublic": "2024-12-30T09:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTiki Wiki CMS \u2013 CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\u003c/p\u003e"
}
],
"value": "Tiki Wiki CMS \u2013 CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T09:43:39.028Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to version 28 or later\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Upgrade to version 28 or later"
}
],
"source": {
"advisory": "ILVN-2024-0212",
"discovery": "UNKNOWN"
},
"title": "Tiki Wiki CMS \u2013 CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-47919",
"datePublished": "2024-12-30T09:43:39.028Z",
"dateReserved": "2024-10-06T07:19:12.343Z",
"dateUpdated": "2024-12-30T16:14:07.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47918 (GCVE-0-2024-47918)
Vulnerability from nvd – Published: 2024-12-30 09:41 – Updated: 2024-12-30 16:16
VLAI
Title
Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
Date Public
2024-12-30 09:38
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T16:16:23.439453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T16:16:34.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CMS",
"vendor": "Tiki Wiki",
"versions": [
{
"lessThan": "version 28",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aviv Vinograzki - Peer Security LTD"
}
],
"datePublic": "2024-12-30T09:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTiki Wiki CMS \u2013 CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)\u003c/p\u003e"
}
],
"value": "Tiki Wiki CMS \u2013 CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T09:53:38.366Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to version 28 or later\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Upgrade to version 28 or later"
}
],
"source": {
"advisory": "ILVN-2024-0211",
"discovery": "UNKNOWN"
},
"title": "Tiki Wiki CMS \u2013 CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-47918",
"datePublished": "2024-12-30T09:41:53.284Z",
"dateReserved": "2024-10-06T07:19:12.343Z",
"dateUpdated": "2024-12-30T16:16:34.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4239 (GCVE-0-2010-4239)
Vulnerability from nvd – Published: 2019-10-28 14:48 – Updated: 2024-08-07 03:34
VLAI
Summary
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
Severity
No CVSS data available.
CWE
- UNKNOWN_TYPE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2010-4239 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2010/… | x_refsource_MISC |
| https://dl.packetstormsecurity.net/1009-exploits/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tiki Wiki | CMS Groupware |
Affected:
5.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4239"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4239"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CMS Groupware",
"vendor": "Tiki Wiki",
"versions": [
{
"status": "affected",
"version": "5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tiki Wiki CMS Groupware 5.2 has Local File Inclusion"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "UNKNOWN_TYPE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-28T14:48:29.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4239"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4239"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CMS Groupware",
"version": {
"version_data": [
{
"version_value": "5.2"
}
]
}
}
]
},
"vendor_name": "Tiki Wiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tiki Wiki CMS Groupware 5.2 has Local File Inclusion"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4239",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4239"
},
{
"name": "https://access.redhat.com/security/cve/cve-2010-4239",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2010-4239"
},
{
"name": "https://www.openwall.com/lists/oss-security/2010/11/22/9",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
},
{
"name": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt",
"refsource": "MISC",
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4239",
"datePublished": "2019-10-28T14:48:29.000Z",
"dateReserved": "2010-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:34:37.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4240 (GCVE-0-2010-4240)
Vulnerability from nvd – Published: 2019-10-28 14:45 – Updated: 2024-08-07 03:34
VLAI
Summary
Tiki Wiki CMS Groupware 5.2 has XSS
Severity
No CVSS data available.
CWE
- UNKNOWN_TYPE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2010-4240 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2010/… | x_refsource_MISC |
| https://dl.packetstormsecurity.net/1009-exploits/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tiki Wiki | CMS Groupware |
Affected:
5.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4240"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4240"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CMS Groupware",
"vendor": "Tiki Wiki",
"versions": [
{
"status": "affected",
"version": "5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tiki Wiki CMS Groupware 5.2 has XSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "UNKNOWN_TYPE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-28T14:45:55.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4240"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4240"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CMS Groupware",
"version": {
"version_data": [
{
"version_value": "5.2"
}
]
}
}
]
},
"vendor_name": "Tiki Wiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tiki Wiki CMS Groupware 5.2 has XSS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4240",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4240"
},
{
"name": "https://access.redhat.com/security/cve/cve-2010-4240",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2010-4240"
},
{
"name": "https://www.openwall.com/lists/oss-security/2010/11/22/9",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
},
{
"name": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt",
"refsource": "MISC",
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4240",
"datePublished": "2019-10-28T14:45:55.000Z",
"dateReserved": "2010-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:34:37.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4241 (GCVE-0-2010-4241)
Vulnerability from nvd – Published: 2019-10-28 14:43 – Updated: 2024-08-07 03:34
VLAI
Summary
Tiki Wiki CMS Groupware 5.2 has CSRF
Severity
No CVSS data available.
CWE
- UNKNOWN_TYPE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2010-4241 | x_refsource_MISC |
| https://dl.packetstormsecurity.net/1009-exploits/… | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2010/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tiki Wiki | CMS Groupware |
Affected:
5.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4241"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4241"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CMS Groupware",
"vendor": "Tiki Wiki",
"versions": [
{
"status": "affected",
"version": "5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tiki Wiki CMS Groupware 5.2 has CSRF"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "UNKNOWN_TYPE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-28T14:43:05.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4241"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4241"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CMS Groupware",
"version": {
"version_data": [
{
"version_value": "5.2"
}
]
}
}
]
},
"vendor_name": "Tiki Wiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tiki Wiki CMS Groupware 5.2 has CSRF"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4241",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4241"
},
{
"name": "https://access.redhat.com/security/cve/cve-2010-4241",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2010-4241"
},
{
"name": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt",
"refsource": "MISC",
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt"
},
{
"name": "https://www.openwall.com/lists/oss-security/2010/11/22/9",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4241",
"datePublished": "2019-10-28T14:43:05.000Z",
"dateReserved": "2010-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:34:37.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47920 (GCVE-0-2024-47920)
Vulnerability from cvelistv5 – Published: 2024-12-30 09:46 – Updated: 2024-12-30 14:21
VLAI
Title
Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
Impacted products
Date Public
2024-12-30 09:38
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T14:21:27.878043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T14:21:38.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CMS",
"vendor": "Tiki Wiki",
"versions": [
{
"lessThan": "version 28.",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aviv Vinograzki - Peer Security LTD"
}
],
"datePublic": "2024-12-30T09:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTiki Wiki CMS \u2013 CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Tiki Wiki CMS \u2013 CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T09:46:10.708Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to version 28 or later\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Upgrade to version 28 or later"
}
],
"source": {
"advisory": "ILVN-2024-0213",
"discovery": "UNKNOWN"
},
"title": "Tiki Wiki CMS \u2013 CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-47920",
"datePublished": "2024-12-30T09:46:10.708Z",
"dateReserved": "2024-10-06T07:19:12.343Z",
"dateUpdated": "2024-12-30T14:21:38.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47919 (GCVE-0-2024-47919)
Vulnerability from cvelistv5 – Published: 2024-12-30 09:43 – Updated: 2024-12-30 16:14
VLAI
Title
Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
Date Public
2024-12-30 09:38
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T16:12:44.096060Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T16:14:07.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CMS",
"vendor": "Tiki Wiki",
"versions": [
{
"lessThan": "version 28.",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aviv Vinograzki - Peer Security LTD"
}
],
"datePublic": "2024-12-30T09:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTiki Wiki CMS \u2013 CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\u003c/p\u003e"
}
],
"value": "Tiki Wiki CMS \u2013 CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T09:43:39.028Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to version 28 or later\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Upgrade to version 28 or later"
}
],
"source": {
"advisory": "ILVN-2024-0212",
"discovery": "UNKNOWN"
},
"title": "Tiki Wiki CMS \u2013 CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-47919",
"datePublished": "2024-12-30T09:43:39.028Z",
"dateReserved": "2024-10-06T07:19:12.343Z",
"dateUpdated": "2024-12-30T16:14:07.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47918 (GCVE-0-2024-47918)
Vulnerability from cvelistv5 – Published: 2024-12-30 09:41 – Updated: 2024-12-30 16:16
VLAI
Title
Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
Date Public
2024-12-30 09:38
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T16:16:23.439453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T16:16:34.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CMS",
"vendor": "Tiki Wiki",
"versions": [
{
"lessThan": "version 28",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aviv Vinograzki - Peer Security LTD"
}
],
"datePublic": "2024-12-30T09:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTiki Wiki CMS \u2013 CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)\u003c/p\u003e"
}
],
"value": "Tiki Wiki CMS \u2013 CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T09:53:38.366Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to version 28 or later\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Upgrade to version 28 or later"
}
],
"source": {
"advisory": "ILVN-2024-0211",
"discovery": "UNKNOWN"
},
"title": "Tiki Wiki CMS \u2013 CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-47918",
"datePublished": "2024-12-30T09:41:53.284Z",
"dateReserved": "2024-10-06T07:19:12.343Z",
"dateUpdated": "2024-12-30T16:16:34.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4239 (GCVE-0-2010-4239)
Vulnerability from cvelistv5 – Published: 2019-10-28 14:48 – Updated: 2024-08-07 03:34
VLAI
Summary
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
Severity
No CVSS data available.
CWE
- UNKNOWN_TYPE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2010-4239 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2010/… | x_refsource_MISC |
| https://dl.packetstormsecurity.net/1009-exploits/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tiki Wiki | CMS Groupware |
Affected:
5.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4239"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4239"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CMS Groupware",
"vendor": "Tiki Wiki",
"versions": [
{
"status": "affected",
"version": "5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tiki Wiki CMS Groupware 5.2 has Local File Inclusion"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "UNKNOWN_TYPE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-28T14:48:29.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4239"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4239"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CMS Groupware",
"version": {
"version_data": [
{
"version_value": "5.2"
}
]
}
}
]
},
"vendor_name": "Tiki Wiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tiki Wiki CMS Groupware 5.2 has Local File Inclusion"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4239",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4239"
},
{
"name": "https://access.redhat.com/security/cve/cve-2010-4239",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2010-4239"
},
{
"name": "https://www.openwall.com/lists/oss-security/2010/11/22/9",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
},
{
"name": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt",
"refsource": "MISC",
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4239",
"datePublished": "2019-10-28T14:48:29.000Z",
"dateReserved": "2010-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:34:37.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4240 (GCVE-0-2010-4240)
Vulnerability from cvelistv5 – Published: 2019-10-28 14:45 – Updated: 2024-08-07 03:34
VLAI
Summary
Tiki Wiki CMS Groupware 5.2 has XSS
Severity
No CVSS data available.
CWE
- UNKNOWN_TYPE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2010-4240 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2010/… | x_refsource_MISC |
| https://dl.packetstormsecurity.net/1009-exploits/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tiki Wiki | CMS Groupware |
Affected:
5.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4240"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4240"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CMS Groupware",
"vendor": "Tiki Wiki",
"versions": [
{
"status": "affected",
"version": "5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tiki Wiki CMS Groupware 5.2 has XSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "UNKNOWN_TYPE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-28T14:45:55.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4240"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4240"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CMS Groupware",
"version": {
"version_data": [
{
"version_value": "5.2"
}
]
}
}
]
},
"vendor_name": "Tiki Wiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tiki Wiki CMS Groupware 5.2 has XSS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4240",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4240"
},
{
"name": "https://access.redhat.com/security/cve/cve-2010-4240",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2010-4240"
},
{
"name": "https://www.openwall.com/lists/oss-security/2010/11/22/9",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
},
{
"name": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt",
"refsource": "MISC",
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xss.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4240",
"datePublished": "2019-10-28T14:45:55.000Z",
"dateReserved": "2010-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:34:37.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4241 (GCVE-0-2010-4241)
Vulnerability from cvelistv5 – Published: 2019-10-28 14:43 – Updated: 2024-08-07 03:34
VLAI
Summary
Tiki Wiki CMS Groupware 5.2 has CSRF
Severity
No CVSS data available.
CWE
- UNKNOWN_TYPE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2010-4241 | x_refsource_MISC |
| https://dl.packetstormsecurity.net/1009-exploits/… | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2010/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tiki Wiki | CMS Groupware |
Affected:
5.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4241"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4241"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CMS Groupware",
"vendor": "Tiki Wiki",
"versions": [
{
"status": "affected",
"version": "5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tiki Wiki CMS Groupware 5.2 has CSRF"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "UNKNOWN_TYPE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-28T14:43:05.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4241"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2010-4241"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CMS Groupware",
"version": {
"version_data": [
{
"version_value": "5.2"
}
]
}
}
]
},
"vendor_name": "Tiki Wiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tiki Wiki CMS Groupware 5.2 has CSRF"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-4241",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-4241"
},
{
"name": "https://access.redhat.com/security/cve/cve-2010-4241",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2010-4241"
},
{
"name": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt",
"refsource": "MISC",
"url": "https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-xsrf.txt"
},
{
"name": "https://www.openwall.com/lists/oss-security/2010/11/22/9",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2010/11/22/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4241",
"datePublished": "2019-10-28T14:43:05.000Z",
"dateReserved": "2010-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:34:37.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}