Tiki Zero-Day Vulnerability Allows Stored Cross-Site Scripting
CVE-2024-51506

Currently unrated

Key Information:

Vendor

Tiki

Status
Tiki
Vendor
CVE Published:
28 October 2024

What is CVE-2024-51506?

Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description.

References

https://security.tiki.org/Disclose-a-Vulnerability
https://github.com/r0ck3t1973/xss_payload/issues/8

Timeline

  • Vulnerability published

.