CVE-2024-22191
CVE-2024-22191 describes a stored XSS flaw in Avo’s key_value field for Rails admin panels. Affected: Avo v3.2.3 and v2.46.0 (reports also cite related builds); the payload is injected into HTML without proper sanitization, enabling arbitrary JavaScript execution in victims’ browsers. Impact stat...