Loading
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.
Use CWE-79, Tiki vendor hub and Tiki product page to widen CVE-2018-7302 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2020-15906, CVE-2023-22850 and CVE-2023-22853 for nearby disclosures in the same product family.