PT-2024-37189 · Avue · Avue

Tony

Published

2024-06-11

Updated

2024-06-11

CVE-2024-5829

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: smallweigit Avue versions up to 3.4.4

Description: A problematic vulnerability was found in the avueUeditor component, leading to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The code maintainer notes that "rich text is no longer maintained".

Recommendations: For versions up to 3.4.4, consider disabling the avueUeditor component to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-5829

Affected Products

Avue

PT-2024-37189 · Avue · Avue

CVE-2024-5829

Weakness Enumeration

Related Identifiers

Affected Products

References · 6