Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
References
| Link | Resource |
|---|---|
| https://gitlab.com/tikiwiki/tiki/-/commit/d12d6ea7b025d3b3f81c8a71063fe9f89e0c4bf1 | Third Party Advisory |
| https://tiki.org/News | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-08-03T16:52:42
Updated: 2020-08-03T16:52:42
Reserved: 2020-07-29T00:00:00
Link: CVE-2020-16131
NVD Information
Status: Analyzed
Published: 2020-08-03T17:15:11.980
Modified: 2020-08-04T18:16:20.217
Link: CVE-2020-16131
Redhat Information
No data.
CWE