Tiki vulnerability allows XSS payload insertion through name field
CVE-2024-51509

Currently unrated

Key Information:

What is CVE-2024-51509?

Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name.

Download the Critical Vulnerability Management Cheat Sheet