Reflected XSS Vulnerability in Tiki CMS by Tiki Software
CVE-2024-46879

Currently unrated

Key Information:

Vendor: Tiki Software
Status: Tiki CMS
Vendor: CVE Published:; 23 March 2026

🔔 Create Tiki Software Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-46879?

A Reflected Cross-Site Scripting (XSS) vulnerability is present in the POST request data zipPath of tiki-admin_system.php in Tiki version 21.2. This flaw permits attackers to inject and execute arbitrary JavaScript code through specially crafted input, which can lead to unauthorized interactions or compromise of sensitive user data. It is crucial for users of Tiki CMS to apply the latest updates to mitigate this risk and safeguard their applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-46879-TikiCMS-XSS
Created by ColdFusionX

References

https://tiki.org/tiki-newsletters.php?nlId=8&info=1

https://github.com/ColdFusionX/CVE-2024-46879-TikiCMS-XSS

https://tiki.org/article515-New-Security-Update-Released-...

Timeline

🟡
Public PoC available
Mar 24, 2026
👾
Exploit known to exist
Mar 24, 2026
Vulnerability published
Mar 23, 2026
Vulnerability Reserved
Sep 12, 2024

JSON

Tiki Software