Web application abuses : Tiki Wiki CMS Groupware <= 27.0 Multiple XSS Vulnerabilities

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.171310

Kategorie: Web application abuses

Titel: Tiki Wiki CMS Groupware <= 27.0 Multiple XSS Vulnerabilities

Zusammenfassung: Tiki Wiki CMS Groupware is prone to multiple cross-site; scripting (XSS) vulnerabilities.

Beschreibung: Summary:
Tiki Wiki CMS Groupware is prone to multiple cross-site
scripting (XSS) vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- CVE-2024-51506: Users who have certain permissions are able to insert a 'Create a Wiki Pages'
stored XSS payload in the description.

- CVE-2024-51507: Users who have certain permissions are able to insert a 'Create/Edit External
Wiki' stored XSS payload in the Name.

- CVE-2024-51508: Users who have certain permissions are able to insert a 'Create/Edit External
Wiki' stored XSS payload in the Index.

- CVE-2024-51509: Users who have certain permissions are able to insert a 'Modules'
(aka tiki-admin_modules.php) stored XSS payload in the Name.

Affected Software/OS:
Tiki Wiki CMS Groupware version 27.0 and prior.

Solution:
No known solution is available as of 19th March, 2025.
Information regarding this issue will be updated once solution details are available.

CVSS Score:
5.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2024-51506
Common Vulnerability Exposure (CVE) ID: CVE-2024-51507
Common Vulnerability Exposure (CVE) ID: CVE-2024-51508
Common Vulnerability Exposure (CVE) ID: CVE-2024-51509

Copyright Copyright (C) 2025 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.171310
Kategorie:	Web application abuses
Titel:	Tiki Wiki CMS Groupware <= 27.0 Multiple XSS Vulnerabilities
Zusammenfassung:	Tiki Wiki CMS Groupware is prone to multiple cross-site; scripting (XSS) vulnerabilities.
Beschreibung:	Summary: Tiki Wiki CMS Groupware is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2024-51506: Users who have certain permissions are able to insert a 'Create a Wiki Pages' stored XSS payload in the description. - CVE-2024-51507: Users who have certain permissions are able to insert a 'Create/Edit External Wiki' stored XSS payload in the Name. - CVE-2024-51508: Users who have certain permissions are able to insert a 'Create/Edit External Wiki' stored XSS payload in the Index. - CVE-2024-51509: Users who have certain permissions are able to insert a 'Modules' (aka tiki-admin_modules.php) stored XSS payload in the Name. Affected Software/OS: Tiki Wiki CMS Groupware version 27.0 and prior. Solution: No known solution is available as of 19th March, 2025. Information regarding this issue will be updated once solution details are available. CVSS Score: 5.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2024-51506 Common Vulnerability Exposure (CVE) ID: CVE-2024-51507 Common Vulnerability Exposure (CVE) ID: CVE-2024-51508 Common Vulnerability Exposure (CVE) ID: CVE-2024-51509
Copyright	Copyright (C) 2025 Greenbone AG