CVE-2024-27290 — MEDIUM (6.1)

Q: How severe is CVE-2024-27290?

CVE-2024-27290 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-27290?

Check the references section above for vendor advisories and patch information. Affected products include: Jhpyle Docassemble.

Vulnerability Description

Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the master branch.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Jhpyle	Docassemble	< 1.4.97

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2024-27290?

CVE-2024-27290 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be ...

How severe is CVE-2024-27290?

CVE-2024-27290 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-27290?

Check the references section above for vendor advisories and patch information. Affected products include: Jhpyle Docassemble.