CVE Tools

tiki

Web & CMS Pluginsoss-project

57

Cumulative CVEs

20

Monthly snapshots

#12

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting tiki.

CVE-2024-46879A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POST request data zipPath of tiki-admin_system.php in Tiki version 21.2. This vulnerability allows attackers to execute arbitrary ...5.4Mar 23, 2026
CVE-2024-46878A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript co...5.4Mar 23, 2026
CVE-2025-34111Tiki Wiki <= 15.1 ELFinder Unauthenticated File Upload RCE9.8Jul 15, 2025
CVE-2025-32461wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3.9.9Apr 9, 2025
CVE-2024-51509Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name.4.8Oct 28, 2024
CVE-2024-51508Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index.4.8Oct 28, 2024
CVE-2024-51507Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name.4.8Oct 28, 2024
CVE-2024-51506Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description.4.8Oct 28, 2024
CVE-2023-22853Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval.8.8Jan 14, 2023
CVE-2023-22852Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.6.5Jan 14, 2023
CVE-2023-22851Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call.7.2Jan 14, 2023
CVE-2023-22850Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call.8.8Jan 14, 2023
CVE-2021-36551TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML ...5.4Oct 28, 2021
CVE-2021-36550TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts...5.4Oct 28, 2021
CVE-2020-29254TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary...8.8Dec 11, 2020