CVE-2024-32468

Date: November 25, 2024

Deno is a runtime for JavaScript and TypeScript written in Rust. Several cross-site scripting vulnerabilities existed in the "deno_doc" crate, which led to Self-XSS with "deno doc --html". 1.) XSS in the generated "search_index.js": "deno_doc" outputs a JavaScript file for searching. However, the generated file used "innerHTML" on unsanitized HTML input. 2.) XSS via property, method and enum names: "deno_doc" did not sanitize property names, method names and enum names. The first XSS most likely didn't have an impact since "deno doc --html" is expected to be used locally with one's own packages.

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE
