CVE-2018-7303by Jeremyin Security Bulletinson Posted on February 21, 2018 The Calendar component in Tiki 17.1 allows HTML injection.