CVE-2020-16131
MEDIUM
Tiki < 21.2 - Cross-Site Scripting via Improper Input Neutralization in PreventXss.php
Title source: llmDescription
Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://gitlab.com/tikiwiki/tiki/-/commit/d12d6ea7b025d3b3f81c8a71063fe9f89e0c4bf1
Vendor Advisory x_refsource_misc
https://tiki.org/News
Scores
CVSS v3: 6.1
EPSS: 0.0036
EPSS Percentile: 58.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (1): tiki/tiki < 21.2
Published: Aug 03, 2020
Tracked Since: Feb 18, 2026