Reflected XSS Vulnerability Affects Don't Break The Code
CVE-2024-51779

7.1HIGH

Key Information:

Vendor: Stranger StudiOS (wordcamp Philly)
Status: Don't Break The Code
Vendor: CVE Published:; 9 November 2024

Summary

The vulnerability in Don't Break The Code, developed by Stranger Studios, arises from improper neutralization of user input during web page generation, leading to reflected Cross-Site Scripting (XSS). This flaw enables attackers to inject harmful scripts into pages viewed by other users, significantly compromising the security of the affected web applications. Versions from n/a through 3.1 are susceptible, allowing potential exploitation that can result in unauthorized actions or data theft. Immediate action is recommended to mitigate risks associated with this vulnerability.

Affected Version(s)

Don't Break The Code <= .3.1

References

https://patchstack.com/database/vulnerability/dont-break-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 9, 2024
Vulnerability Reserved
Nov 4, 2024

Credit

João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)