CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53555
https://notcve.org/view.php?id=CVE-2024-53555
26 Nov 2024 — A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file. • https://drive.google.com/file/d/1M4UjoTUqlPWLYjevCuE3WhdUqQkRj0-r/view?usp=drive_link • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53554
https://notcve.org/view.php?id=CVE-2024-53554
25 Nov 2024 — A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details. • https://drive.google.com/file/d/1v2MLZn4Ro9TCpw-KtksUACYFIzsbuTkL/view?usp=sharing • CWE-94: Improper Control of Generation of Code ('Code Injection') •