CVE-2024-26362

HIGH

Enpass Password Manager 6.9.2 - HTML Injection via Crafted Note

Title source: llm
STIX 2.1

Description

HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note.

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0057
EPSS Percentile 43.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Products (1)
enpass/password_manager 6.9.2
Published Apr 10, 2024
Tracked Since Feb 18, 2026