PT-2024-21177 · Enhavo · Enhavo
Author: Daniel Puente
Published: 2024-02-22 · Updated: 2024-08-26
CVE: CVE-2024-25873
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Enhavo version 0.13.1
Description
The issue is an HTML injection vulnerability in the Author text field of the Blockquote module. A crafted payload submitted through that field allows attackers to execute arbitrary code.
Recommendations
For Enhavo version 0.13.1, disable or avoid using the Author text field under the Blockquote module as a temporary workaround until a patch is available, and restrict access to this module to minimize the risk of exploitation.
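The flaw class above (a free-text Author field rendered into a blockquote as markup) and the interim recommendation (watch or restrict what goes into that field) can both be shown in a few lines. The following is an added example and is not Enhavo's code; the blockquote template, the function names and the sample author values are all hypothetical and constructed here. It contrasts a render path that interpolates the field verbatim with one that encodes it on output, and adds a server-side check that flags submitted values containing markup so they can be logged or rejected while the workaround is in place.

```python
import html
import re
from string import Template

# Constructed sample inputs: a benign author name and one carrying markup.
AUTHORS = {
    "benign": "Jane Doe",
    "markup": "Jane <script>alert(1)</script>",
}

# Hypothetical blockquote template; Enhavo's real template is not shown on the page.
BLOCKQUOTE_TEMPLATE = Template(
    "<blockquote><p>$quote</p><footer>$author</footer></blockquote>"
)


def render_vulnerable(quote: str, author: str) -> str:
    """Interpolates the author field verbatim: the HTML-injection pattern.

    Only the quote is encoded, so any tags in the author value become
    live markup in the page that every viewer loads.
    """
    return BLOCKQUOTE_TEMPLATE.substitute(quote=html.escape(quote), author=author)


def render_hardened(quote: str, author: str) -> str:
    """Encodes every untrusted field at the output point.

    html.escape() turns <, >, &, " and ' into entities, so the browser shows
    the author value as text rather than parsing it as elements.
    """
    return BLOCKQUOTE_TEMPLATE.substitute(
        quote=html.escape(quote, quote=True),
        author=html.escape(author, quote=True),
    )


# Matches anything that looks like an HTML start or end tag.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def contains_markup(value: str) -> bool:
    """Input-side check for the Author field, usable for alerting or rejection.

    A plain author name never needs tags, so a match is a strong signal that
    the submission should be logged and refused while the field is restricted.
    """
    return bool(TAG_RE.search(value))


def rendered_tags(fragment: str, skip=("blockquote", "p", "footer")) -> list[str]:
    """Lists element names present in rendered output beyond the template's own.

    Used as a verification step: a hardened render must report no extra tags
    no matter what the author value contained.
    """
    names = re.findall(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)", fragment)
    return [n.lower() for n in names if n.lower() not in skip]


if __name__ == "__main__":
    for label, author in AUTHORS.items():
        print(label, "flagged:", contains_markup(author))
        print("  vulnerable extra tags:", rendered_tags(render_vulnerable("q", author)))
        print("  hardened extra tags:  ", rendered_tags(render_hardened("q", author)))
```

The durable fix is the one in `render_hardened`: encode at the point where the value meets the HTML context, regardless of what the input filter accepted. `contains_markup` is deliberately strict (author names do not need tags), which makes it a low-noise detection rule for the period in which the field is disabled or access-restricted.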
XSS
Affected Products
Enhavo