CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Tiki: >> Tiki >> 17.1 Security Vulnerabilities

CVE-2018-7302

Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.

CVSS Score

5.4

EPSS Score

0.002

Published

2018-02-21

CVE-2018-7304

Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation.

CVSS Score

8.8

EPSS Score

0.005

Published

2018-02-21

Page 2

Vulnerabilities

Vulnerable Software

Tiki: >> Tiki >> 17.1 Security Vulnerabilities

Products

Pricing

Contact Us