Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index.Referenceshttps://security.tiki.org/Disclose-a-Vulnerabilityhttps://github.com/r0ck3t1973/xss_payload/issues/9