Home > Vulnerability Database > CVE-2024-25873

Mend.io Vulnerability Database

CVE-2024-25873

Date: February 21, 2024

Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload.

Language: PHP

Severity Score

5.4

Related Resources (4)

Url: https://www.enhavo.com/

Url: https://github.com/dd3x3r/enhavo/blob/main/html-injection-page-content-blockquote-author-v0.13.1.md

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-25873

Url: https://www.mend.io/vulnerability-database/CVE-2024-25873

Severity Score

5.4

Weakness Type (CWE)

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CWE-80

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-25873

Date: February 21, 2024

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?