Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-08-03
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
CVSS Score
7.2
EPSS Score
0.032
Published
2020-01-27
Page 2