Vulnerability Details CVE-2018-7188
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.0%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2018-7188
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.6.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.8.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.1.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.10
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.11
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.3
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.3.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.3.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.4
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.5
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.6
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.7
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.8
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.8.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.8.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:1.9.9
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:10.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:10.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:10.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:10.3
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:10.4
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:10.5
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:11.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:11.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:12.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:12.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:12.10
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:12.11
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:12.12
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:12.13
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:12.14
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:12.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:12.3
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:12.4
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:12.5
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:12.6
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:12.7
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:12.8
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:12.9
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:13.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:13.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:13.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:14.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:14.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:15.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:15.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:15.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:15.3
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:15.4
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:15.5
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:15.6
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:15.7
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:16.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:16.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:16.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:17.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:17.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:17.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:2.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:3.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:3.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:3.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:3.3
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:3.4
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:3.5
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:4
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:4.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:4.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:4.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:5.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:5.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:5.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:5.3
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:6.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:6.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:6.10
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:6.11
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:6.12
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:6.13
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:6.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:6.3
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:6.5
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:6.7
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:6.8
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:6.9
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:7.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:7.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:7.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:8.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:8.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:8.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:8.3
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:8.4
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:9.0
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:9.1
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:9.2
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:9.3
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:9.4
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:9.5
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:9.6
-
cpe:2.3:a:tiki:tikiwiki_cms/groupware:9.7