CVE-2024-51507

Name of the Vulnerable Software and Affected Versions Tiki versions prior to 27.1

Description The issue allows users with specific permissions to insert a stored XSS payload in the Name field when creating or editing an external wiki. This can lead to the execution of malicious scripts.

Recommendations For versions prior to 27.1, update to version 27.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Create/Edit External Wiki" feature for users with certain permissions until a patch is available.