CVE-2024-53554

HIGH

Taiga 8.6.1 - Client-Side Template Injection in New Scrum Project Details

Title source: llm

Description

A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details.

References (2)

Core 2

Core References

Various Sources

https://drive.google.com/file/d/1v2MLZn4Ro9TCpw-KtksUACYFIzsbuTkL/view?usp=sharing

Various Sources

https://gist.githubusercontent.com/Tommywarren/5ed67ab173ed60faeb791215d68e3fac/raw/352cb4259c0d41d70a206d108b5578c15824b2ff/CVE-2024-53554

Scores

CVSS v3 8.0

EPSS 0.0071

EPSS Percentile 48.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Published Nov 25, 2024

Tracked Since Feb 18, 2026