Cross-Site Scripting (XSS) Vulnerability in Tiki (versions before 18.2, 15.7, and 12.14) via Link Attributes

CVE-2018-14849 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.

Learn more about our Web Application Penetration Testing UK.