[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] XSS vulnerability in Tiki < 18
From: chbi () chbi ! eu
Date: 2018-02-16 17:42:59
Message-ID: 57f3ff1c-b639-0691-3452-c4c0871523a1 () chbi ! eu
[Download RAW message or body]
[Attachment #2 (multipart/mixed)]
> A XSS vulnerability via SVG image allows an authenticated user to gain
> administrator privileges if an administrator opens a wiki page with a
> malicious SVG image, related to filegallib.php.
>
>
> Fix:
> https://sourceforge.net/p/tikiwiki/code/65327
CVE-2018-7188 has been assigned.
--
chbi
https://chbi.eu
GPG: 3DE9 9187 4BE9 EAE6 3CA8 DC20 BA7B 93F9 9037 AE7E
https://chbi.eu/chbi.asc
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic