VDB

CVE-2009-1204

CVE-2009-1204 PUBLISHED CVSS 4.300000190734863 MEDIUM

Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php.

EPSS 4.33% · 89.1th percentile

Risk Scores

CVSS 2.0
4.300000190734863
EPSS Score
4.33%
89.1th percentile

Affected Products

VendorProductVersions
n/an/a*
tikitikiwiki_cms\/groupware2.2

Timeline

  • Mar 12, 2009 PoC Published
  • Apr 1, 2009 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • Jul 17, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›