{"id":"CVE-2024-51509","details":"Tiki through 27.0 allows users who have certain permissions to insert a \"Modules\" (aka tiki-admin_modules.php) stored XSS payload in the Name.","modified":"2026-04-10T05:16:14.903614Z","published":"2024-10-28T23:15:02.907Z","references":[{"type":"WEB","url":"https://security.tiki.org/Disclose-a-Vulnerability"},{"type":"REPORT","url":"https://github.com/r0ck3t1973/xss_payload/issues/10"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/tikiwiki/tiki","events":[{"introduced":"0"},{"last_affected":"c42159b5f3f48fa298537d90eca1a369a4454757"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"27.0"}]}}],"versions":["tags/27.0","tags/27.0RC1","tags/27.0alpha","tags/27.0beta"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51509.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}