PT-2024-10355 · Unknown · Open Social
Greg Knaddison +2 · Published 2024-09-04 · Updated 2025-08-28 · CVE-2024-13273
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Open Social versions 0.0.0 through 12.3.8
Open Social versions 12.4.0 through 12.4.5
Open Social versions 13.0.0 through 13.0.0-alpha11
Description
The issue is an improper neutralization of input during web page generation (Cross-Site Scripting, XSS). A remote attacker can use it to conduct cross-site scripting attacks.
Recommendations
For Open Social versions 0.0.0 through 12.3.8, update to a version after 12.3.8 to resolve the issue.
For Open Social versions 12.4.0 through 12.4.5, update to a version after 12.4.5 to resolve the issue.
For Open Social versions 13.0.0 through 13.0.0-alpha11, update to a version after 13.0.0-alpha11 to resolve the issue.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Open Social