Moderate severityNVD Advisory· Published Aug 23, 2024· Updated Aug 26, 2024

CVE-2024-40111

Description

A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any user visiting the forum.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
automad/automadPackagist	<= 2.0.0-alpha.4	—

Affected products

Automad/Automadcpe-rescue
ghsa-coords
pkg:composer/automad/automad
Range: <= 2.0.0-alpha.4

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-g8h2-j9pm-4xx2ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-40111ghsaADVISORY
drive.google.com/file/d/10BVQKYo2H1-Nx3FOGteL2xww4lbZ3xlS/viewghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000