CVE-2024-51507: XSS
First published: Mon Oct 28 2024(Updated: )
Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tiki Wiki CMS Groupware | <=27.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-51507?
CVE-2024-51507 is classified as a stored Cross-Site Scripting (XSS) vulnerability with significant risk due to potential impacts on user data integrity and application security.
How do I fix CVE-2024-51507?
To fix CVE-2024-51507, update your Tiki software to version 27.1 or later where the vulnerability is patched.
Who is affected by CVE-2024-51507?
CVE-2024-51507 affects Tiki installations up to and including version 27.0 where users have permissions to create or edit external wiki pages.
What causes CVE-2024-51507?
CVE-2024-51507 is caused by improper input validation that allows users to inject malicious scripts into the Name field when creating or editing external wiki entries.
What types of attacks can CVE-2024-51507 enable?
CVE-2024-51507 can enable various attacks including session hijacking, data theft, and manipulation of the behavior of the application for users accessing the affected pages.
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/tiki
- canonical/tiki wiki cms groupware