Jonnybradley

**Name of the Vulnerable Software and Affected Versions** Tiki versions prior to 18.2 Tiki versions prior to 15.7 Tiki versions prior to 12.14 **Description** The issue is related to cross-site scripting (XSS) via link attributes. It is associated with the files lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. **Recommendations** For versions prior to 18.2, update to version 18.2 or later. For versions prior to 15.7, update to version 15.7 or later. For versions prior to 12.14, update to version 12.14 or later.

**Name of the Vulnerable Software and Affected Versions** Tiki versions prior to 18.2 Tiki versions prior to 15.7 Tiki versions prior to 12.14 **Description** The issue allows an authenticated user to inject JavaScript, potentially gaining administrator privileges if an administrator interacts with a modified link or image on a wiki page. **Recommendations** For versions prior to 18.2, update to version 18.2 or later. For versions prior to 15.7, update to version 15.7 or later. For versions prior to 12.14, update to version 12.14 or later.

**Name of the Vulnerable Software and Affected Versions** Tiki Wiki CMS Groupware versions prior to 15.3 **Description** The issue allows attackers to steal a user's cookie due to a cross-site scripting (XSS) vulnerability. **Recommendations** For versions prior to 15.3, update to version 15.3 or later to resolve the issue.