GitHub Advisory Database: GHSA-PCM8-QQRP-W6QF
Feb 22, 2024 - 3:30 p.m.

Enhavo Cross-site Scripting vulnerability

2024-02-22 15:30:39
CWE-79
Tags: enhavo cms, xss vulnerability, header module, arbitrary script execution, crafted payload, title text field

AI Score: 5.7
Confidence: High
EPSS: 0
Percentile: 9.0%

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.

Affected configurations

Vulners
Node
enhavo | enhavo-app | Range: 0.13.1

Vendor | Product | Version | CPE
enhavo | enhavo-app | * | cpe:2.3:a:enhavo:enhavo-app:*:*:*:*:*:*:*:*
