Client-Side Template Injection Vulnerability Affects Taiga v8.6.1
CVE-2024-53554

8 HIGH

Key Information:

Vendor: Taiga
CVE Published: 25 November 2024

What is CVE-2024-53554?

A Client-Side Template Injection vulnerability exists in the Taiga Project Management Software version 8.6.1. This flaw allows remote attackers to execute arbitrary code by injecting malicious payloads into the new project details interface. By exploiting this vulnerability, attackers can manipulate client-side templates, leading to potential unauthorized access and control over the affected system.

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
