XSS Vulnerability in Tiki before 18 Allows Privilege Escalation via SVG Image
CVE-2018-7188 · LOW Severity
AV:N/AC:M/AU:S/C:N/I:P/A:N
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
Learn more about our User Device Pen Test.