Moderate severityNVD Advisory· Published Feb 22, 2024· Updated Aug 27, 2024
CVE-2024-25874
CVE-2024-25874
Description
A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
enhavo/enhavo-appPackagist | <= 0.13.1 | — |
Affected products
2- Enhavo/CMSdescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-38m8-5gfc-663gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-25874ghsaADVISORY
- github.com/dd3x3r/enhavo/blob/main/xss-create-tag-v0.13.1.mdghsaWEB
- www.enhavo.comghsaWEB
- www.enhavo.commitre
News mentions
0No linked articles in our index yet.