Moderate severityNVD Advisory· Published Feb 22, 2024· Updated Oct 30, 2024

CVE-2024-25876

Description

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
enhavo/enhavo-appPackagist	<= 0.13.1	—

Affected products

Enhavo/CMSdescription
ghsa-coords
pkg:composer/enhavo/enhavo-app
Range: <= 0.13.1

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-pcm8-qqrp-w6qfghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-25876ghsaADVISORY
github.com/dd3x3r/enhavo/blob/main/xss-page-content-header-titel-v0.13.1.mdghsaWEB
www.enhavo.comghsaWEB
www.enhavo.commitre

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000