CVE-2018-7302

Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:tiki:tiki:17.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-02-21 20:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-7302

Mitre link : CVE-2018-7302

CVE.ORG link : CVE-2018-7302


JSON object : View

Products Affected

tiki

  • tiki
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')