Security Advisory

CVE-2024-42515

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-10-31 00:00:00

Last updated 2024-11-01 15:26:55

Assigner mitre

State PUBLISHED

Description

Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters (e.g., <>), the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a word that has a corresponding glossary entry.

← Browse all CVEs View on cve.org ↗