XSS Vulnerability in Tiki before 18 Allows Privilege Escalation via SVG Image

XSS Vulnerability in Tiki before 18 Allows Privilege Escalation via SVG Image

CVE-2018-7188 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.

Learn more about our User Device Pen Test.