Loading
Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
Use CWE-79, Tiki vendor hub and Tiki product page to widen CVE-2020-16131 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2020-15906, CVE-2023-22850 and CVE-2023-22853 for nearby disclosures in the same product family.