oss-sec mailing list archives

Re: XSS vulnerability in Tiki < 18


From: chbi () chbi eu
Date: Fri, 16 Feb 2018 18:42:59 +0100


An XSS vulnerability via SVG image allows an authenticated user to gain
administrator privileges if an administrator opens a wiki page with a
malicious SVG image, related to filegallib.php.


Fix:
https://sourceforge.net/p/tikiwiki/code/65327


CVE-2018-7188 has been assigned.

-- 
chbi
https://chbi.eu

GPG: 3DE9 9187 4BE9 EAE6 3CA8  DC20 BA7B 93F9 9037 AE7E
     https://chbi.eu/chbi.asc
