Public CVE-2017-9937 disclosure

TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.