CVE-2024-42515

Name of the Vulnerable Software and Affected Versions Glossarizer versions 1.5.2 and earlier

Description The issue arises from the improper conversion of text into HTML, potentially leading to stored XSS attacks. Although the application itself escapes special characters, the underlying library converts these encoded characters into legitimate HTML. Attackers can exploit this by appending a XSS payload to a word with a corresponding glossary entry.

Recommendations For Glossarizer versions 1.5.2 and earlier, consider disabling the HTML conversion feature until a patch is available. Restrict access to glossary entries that may contain malicious payloads to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.