CVE-2018-7302by Jeremyin Security Bulletinson Posted on February 21, 2018 Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.