CVE-2017-9145

Published: Jun 26, 2017Modified: May 13, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.

Affected (23)

Products: Tiki: Tikiwiki Cms/groupware

1 product

Tikiwiki Cms/groupware

Configuration A

23 vulnerable

Vulnerable Software	Affected Versions
Tiki Tikiwiki Cms/groupware	Version 12.0
Tiki Tikiwiki Cms/groupware	Version 12.1
Tiki Tikiwiki Cms/groupware	Version 12.2
Tiki Tikiwiki Cms/groupware	Version 12.3
Tiki Tikiwiki Cms/groupware	Version 12.4
Tiki Tikiwiki Cms/groupware	Version 12.5
Tiki Tikiwiki Cms/groupware	Version 12.6
Tiki Tikiwiki Cms/groupware	Version 12.7
Tiki Tikiwiki Cms/groupware	Version 12.8
Tiki Tikiwiki Cms/groupware	Version 12.9
Tiki Tikiwiki Cms/groupware	Version 13.0
Tiki Tikiwiki Cms/groupware	Version 13.1
Tiki Tikiwiki Cms/groupware	Version 13.2
Tiki Tikiwiki Cms/groupware	Version 14.0
Tiki Tikiwiki Cms/groupware	Version 14.1
Tiki Tikiwiki Cms/groupware	Version 15.0
Tiki Tikiwiki Cms/groupware	Version 15.1
Tiki Tikiwiki Cms/groupware	Version 15.2
Tiki Tikiwiki Cms/groupware	Version 15.3
Tiki Tikiwiki Cms/groupware	Version 15.4
Tiki Tikiwiki Cms/groupware	Version 16.0
Tiki Tikiwiki Cms/groupware	Version 16.1
Tiki Tikiwiki Cms/groupware	Version 16.2

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://sourceforge.net/p/tikiwiki/code/62386

Source: cve@mitre.org

PatchThird Party Advisory

https://sourceforge.net/p/tikiwiki/code/62386

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.