Home > Vulnerability Database > CVE-2024-53864

Mend.io Vulnerability Database

CVE-2024-53864

Date: November 29, 2024

Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, any existing injected XSS will not run. This issue has been patched in version 4.6.14. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: PHP

Severity Score

7.3

Related Resources (7)

Url: https://github.com/ibexa/admin-ui/commit/8ec824a8cf06c566ed88e4c21cc66f7ed42649fc

Url: https://github.com/ibexa/admin-ui/security/advisories/GHSA-8w3p-gf85-qcch

Url: https://doc.ibexa.co/en/latest/update_and_migration/from_4.6/update_from_4.6/#v4614

Url: https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-53864

Url: https://github.com/ibexa/admin-ui

Url: https://www.mend.io/vulnerability-database/CVE-2024-53864

Severity Score

7.3

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-53864

Date: November 29, 2024

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?