PT-2018-12762 · Tiki · Tiki
Jonnybradley
·
Publicado
2018-08-13
·
Atualizado
2018-10-10
·
CVE-2018-14850
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Tiki versions prior to 18.2
Tiki versions prior to 15.7
Tiki versions prior to 12.14
Description
The issue allows an authenticated user to inject JavaScript, potentially gaining administrator privileges if an administrator interacts with a modified link or image on a wiki page.
Recommendations
For versions prior to 18.2, update to version 18.2 or later.
For versions prior to 15.7, update to version 15.7 or later.
For versions prior to 12.14, update to version 12.14 or later.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Tiki