Lfagundes

**Name of the Vulnerable Software and Affected Versions** Tiki versions prior to 12.13 Tiki versions prior to 15.6 Tiki versions prior to 17.2 Tiki versions prior to 18.1 **Description** Cross Site Scripting (XSS) issue exists. **Recommendations** For versions prior to 12.13, update to version 12.13 or later. For versions prior to 15.6, update to version 15.6 or later. For versions prior to 17.2, update to version 17.2 or later. For versions prior to 18.1, update to version 18.1 or later.

**Name of the Vulnerable Software and Affected Versions** Tiki versions prior to 18 **Description** The issue allows an authenticated user to gain administrator privileges by exploiting an XSS vulnerability via an SVG image. This occurs when an administrator opens a wiki page containing a malicious SVG image, related to the file lib/filegals/filegallib.php. **Recommendations** For versions prior to 18, update to version 18 or later to resolve the issue. As a temporary workaround, consider restricting access to wiki pages that may contain malicious SVG images until the update is applied.