CVE-2017-9145

CVE-2017-9145 affects Tiki Wiki CMS Groupware (TikiFilter.php) across versions 12.x–16.x. The root cause is improper validation of the imgsize and lang parameters, enabling cross-site scripting (XSS). The vulnerability is documented with CVSS v3 base score 6.1 (MEDIUM) and CVSS v2 base score 4.3 ...