PT-2024-34888 · Happy-Dom · Happy-Dom

Kevin-Mizu

Published

2024-11-06

Updated

2024-11-08

CVE-2024-51757

CVSS v4.0

9.3

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions happy-dom versions prior to 15.10.2

Description happy-dom is a JavaScript implementation of a web browser without its graphical user interface. It may execute code on the host via a script tag, which would execute code in the user context of happy-dom. There are no known workarounds for this issue.

Recommendations For versions prior to 15.10.2, upgrade to version 15.10.2 to resolve the issue. As a temporary workaround, consider restricting the use of script tags until a patch is applied.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2024-51757

GHSA-96G7-G7G9-JXW8

Affected Products

Happy-Dom

PT-2024-34888 · Happy-Dom · Happy-Dom

CVE-2024-51757

Weakness Enumeration

Related Identifiers

Affected Products

References · 16