Packagist (Composer) package
tikiwiki/tiki-manager
pkg:composer/tikiwiki/tiki-manager
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-7302 | — | <= 17.1 | — | Feb 21, 2018 | Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS. | ||
| CVE-2013-4714 | — | >= 6.0, < 6.13 | 6.13 | Nov 6, 2013 | Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
- CVE-2018-7302Feb 21, 2018affected <= 17.1
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.
- CVE-2013-4714Nov 6, 2013affected >= 6.0, < 6.13fixed 6.13
Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.