VYPR
← All advisories
Low severity3.5NVD Advisory· Published Jun 11, 2024· Updated Apr 15, 2026

CVE-2024-5829

CVE-2024-5829

Description

A vulnerability classified as problematic was found in smallweigit Avue up to 3.4.4. Affected by this vulnerability is an unknown functionality of the component avueUeditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-267895. NOTE: The code maintainer explains, that "rich text is no longer maintained".

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2024-5829 describes a stored XSS vulnerability in the avueUeditor component of Avue up to 3.4.4, allowing remote attackers to inject malicious scripts.

Vulnerability

Overview

CVE-2024-5829 is a cross-site scripting (XSS) vulnerability found in the avueUeditor component of the Avue framework (up to version 3.4.4). The issue exists in an unknown functionality related to video insertion, where user input is not properly sanitized, leading to the execution of arbitrary HTML and JavaScript code [1].

Exploitation

Details

The vulnerability can be triggered remotely without requiring authentication, suggesting low attack complexity. An attacker can craft a malicious payload (e.g., a specially crafted video link) that, when processed by the rich text editor, executes in the context of the victim's browser [1].

Impact

Successful exploitation allows an attacker to perform actions such as stealing session cookies, defacing web pages, or redirecting users to malicious sites. The impact is limited to the scope of the affected component, but it could compromise the security of applications using Avue's rich text editor.

Mitigation

The vendor has indicated that the rich text component is no longer maintained, implying no patch will be released. Users are advised to disable or replace the avueUeditor component with a supported alternative to mitigate the risk [1].

References
  1. avueUeditor插入视频存在XSS漏洞 · Issue #I9UQ4Q · smallwei/Avue - Gitee

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.