Vulnerability Description
HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enpass | Password Manager | 6.9.2 |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://packetstormsecurity.com/files/177075/Enpass-Desktop-Application-6.9.2-HTBroken Link
- https://packetstormsecurity.com/files/177075/Enpass-Desktop-Application-6.9.2-HTBroken Link
FAQ
What is CVE-2024-26362?
CVE-2024-26362 is a vulnerability with a CVSS score of 8.8 (HIGH). HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note.
How severe is CVE-2024-26362?
CVE-2024-26362 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-26362?
Check the references section above for vendor advisories and patch information. Affected products include: Enpass Password Manager, Linux Linux Kernel, Microsoft Windows.