Tikiwiki cms\/groupware

This hub aggregates every CVE we track for Tikiwiki cms\/groupware, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Tikiwiki cms\/groupware.

• CVE-2025-34111Tiki Wiki <= 15.1 ELFinder Unauthenticated File Upload RCE9.8Jul 15, 2025
• CVE-2021-36551TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML ...5.4Oct 28, 2021
• CVE-2021-36550TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts...5.4Oct 28, 2021
• CVE-2020-29254TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary...8.8Dec 11, 2020
• CVE-2020-8966Cross Site Scripting (XSS) flaws found in Tiki-Wiki CMS software6.5Apr 1, 2020
• CVE-2013-6022A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.6.1Feb 12, 2020
• CVE-2011-4336Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.6.1Jan 15, 2020
• CVE-2010-4239Tiki Wiki CMS Groupware 5.2 has Local File Inclusion9.8Oct 28, 2019
• CVE-2010-4240Tiki Wiki CMS Groupware 5.2 has XSS6.1Oct 28, 2019
• CVE-2010-4241Tiki Wiki CMS Groupware 5.2 has CSRF8.8Oct 28, 2019
• CVE-2019-15314tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.5.4Aug 22, 2019
• CVE-2018-20719In Tiki before 17.2, the user task component is vulnerable to a SQL Injection via the tiki-user_tasks.php show_history parameter.8.8Jan 15, 2019
• CVE-2018-14849Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.5.4Aug 13, 2018
• CVE-2018-14850Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the ...5.4Aug 13, 2018
• CVE-2018-7290Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1.5.4Mar 9, 2018