CVE-2024-51509

Name of the Vulnerable Software and Affected Versions Tiki versions prior to 27.1

Description The issue allows users with specific permissions to insert a stored XSS payload in the Name field of the Modules section, accessible through tiki-admin modules.php. This can lead to the execution of malicious scripts when the module is accessed.

Recommendations For versions prior to 27.1, update to version 27.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Modules section for users with permissions that could be used to insert malicious payloads.