oss-sec mailing list archives
Re: XSS vulnerability in Tiki < 18
From: chbi () chbi eu
Date: Fri, 16 Feb 2018 18:42:59 +0100
An XSS vulnerability via SVG image allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to filegallib.php. Fix: https://sourceforge.net/p/tikiwiki/code/65327
CVE-2018-7188 has been assigned.

--
chbi
https://chbi.eu
GPG: 3DE9 9187 4BE9 EAE6 3CA8 DC20 BA7B 93F9 9037 AE7E
https://chbi.eu/chbi.asc
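The message above does not describe the fix itself. As an added example (not Tiki's code and not the linked commit), one defensive check for this class of bug is an allow-list validation of uploaded SVG files before they are rendered inline; the element list, function names and sample inputs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed allow-list of static drawing elements (lowercased local names).
ALLOWED_ELEMENTS = {
    "svg", "g", "defs", "title", "desc", "path", "rect", "circle", "ellipse",
    "line", "polyline", "polygon", "text", "tspan", "use", "clippath", "mask",
    "lineargradient", "radialgradient", "stop",
}


def local(name):
    """Drop the '{namespace}' prefix ElementTree adds and lowercase the name."""
    return name.rsplit("}", 1)[-1].lower()


def svg_rejection_reasons(data: bytes):
    """Return why an uploaded SVG must not be rendered inline; [] if it passes."""
    # DTDs allow entity tricks; NUL bytes indicate UTF-16/32, which would hide
    # a DOCTYPE from the byte-level check below. Static images need neither.
    if b"\x00" in data or re.search(rb"<!DOCTYPE|<!ENTITY", data, re.I):
        return ["DTD or non-UTF-8 encoding"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    reasons = []
    for el in root.iter():
        tag = local(el.tag)
        if tag not in ALLOWED_ELEMENTS:
            reasons.append(f"element <{tag}> not allowed")
        for name, value in el.attrib.items():
            attr = local(name)  # xlink:href and href both become "href"
            if attr.startswith("on"):
                reasons.append(f"event handler '{attr}' on <{tag}>")
            elif attr in ("href", "src") and not value.strip().startswith("#"):
                reasons.append(f"non-fragment URL in '{attr}' on <{tag}>")
    return reasons


if __name__ == "__main__":
    # Constructed sample uploads, not taken from the advisory.
    ns = b'xmlns="http://www.w3.org/2000/svg"'
    for sample in (b"<svg " + ns + b'><rect width="4" height="4"/></svg>',
                   b"<svg " + ns + b"><script>alert(1)</script></svg>"):
        print(sample[:60], "->", svg_rejection_reasons(sample) or "ok")
```

A file that returns any reason is better rejected, or served with `Content-Disposition: attachment`, than repaired in place.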