Date: Fri, 16 Feb 2018 18:42:59 +0100
From: chbi@...i.eu
To: oss-security@...ts.openwall.com
Subject: Re: XSS vulnerability in Tiki < 18


> An XSS vulnerability via SVG image allows an authenticated user to gain
> administrator privileges if an administrator opens a wiki page with a
> malicious SVG image, related to filegallib.php.
> 
> 
> Fix:
> https://sourceforge.net/p/tikiwiki/code/65327


CVE-2018-7188 has been assigned.

-- 
chbi
https://chbi.eu

GPG: 3DE9 9187 4BE9 EAE6 3CA8  DC20 BA7B 93F9 9037 AE7E
     https://chbi.eu/chbi.asc



