Cross Site Scripting Vulnerability in Summernote Software by Bootstrap
CVE-2024-29504

7.6 HIGH

Key Information:

Vendor: Bootstrap
CVE Published: 10 April 2024

What is CVE-2024-29504?

A cross-site scripting (XSS) vulnerability exists in Summernote versions prior to v0.8.18. It allows a remote attacker to execute arbitrary JavaScript code through a specially crafted payload targeting the codeview parameter. Successful exploitation could lead to unauthorized actions on behalf of users interacting with affected instances of Summernote, so developers and administrators should implement mitigations immediately.

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
