PT-2026-27196 · Tiki · Tiki

Published: 2026-03-23 · Updated: 2026-03-23 · CVE-2024-46879

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Tiki version 21.2

Description

A reflected cross-site scripting (XSS) issue exists in the zipPath POST request data of the tiki-admin_system.php file. This allows attackers to execute arbitrary JavaScript code through a crafted payload, potentially leading to unauthorized actions or access to sensitive information.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider sanitizing the zipPath input parameter to prevent the injection of malicious scripts.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-46879

Affected Products

Tiki