CVE-2018-7188

Name of the Vulnerable Software and Affected Versions Tiki versions prior to 18

Description The issue allows an authenticated user to gain administrator privileges by exploiting an XSS vulnerability via an SVG image. This occurs when an administrator opens a wiki page containing a malicious SVG image, related to the file lib/filegals/filegallib.php.

Recommendations For versions prior to 18, update to version 18 or later to resolve the issue. As a temporary workaround, consider restricting access to wiki pages that may contain malicious SVG images until the update is applied.