Tiki · Tikiwiki Cms/Groupware · CVE-2017-9145
**Name of the Vulnerable Software and Affected Versions**
Tiki Wiki CMS Groupware versions 12.x through 16.x
**Description**
TikiFilter.php does not properly validate the `imgsize` or `lang` parameter, which can lead to cross-site scripting (XSS).
**Recommendations**
For versions 12.x through 16.x, update TikiFilter.php so that it properly validates the `imgsize` and `lang` parameters to prevent XSS.