CVE-2024-53554

CVSS 8 HIGHEPSS 0.7%CWE-94

A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://drive.google.com/file/d/1v2MLZn4Ro9TCpw-KtksUACYFIzsbuTkL/view?usp=sharing https://gist.githubusercontent.com/Tommywarren/5ed67ab173ed60faeb791215d68e3fac/raw/352cb4259c0d41d70a206d108b5578c15824b2ff/CVE-2024-53554