Moderate severityNVD Advisory· Published Mar 22, 2024· Updated Aug 28, 2024

CVE-2024-29271

Description

Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
vvvebjsnpm	< 1.7.5	1.7.5

Affected products

VvvebJs/VvvebJsdescription
ghsa-coords
pkg:npm/vvvebjs
Range: < 1.7.5

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-pc95-3wgm-x28pghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-29271ghsaADVISORY
github.com/givanz/VvvebJs/commit/c0c0545b44b23acc288ef907fb498ce15b9b576eghsaWEB
github.com/givanz/VvvebJs/issues/342ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000