CVE-2024-29504
HIGH
Summernote < 0.8.18 - Cross-Site Scripting via Codeview Parameter
Title source: llm
Description
Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted payload to the codeview parameter.
References (2)
Core References
Third Party Advisory
https://gist.github.com/phoenix118go/a9192281efcfa518daa709ab7638712b
Exploit, Issue Tracking
https://github.com/summernote/summernote/pull/3782
Scores
CVSS v3
7.6
EPSS
0.0060
EPSS Percentile
69.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
npm/summernote
0npm
summernote/summernote
< 0.8.18
Published
Apr 10, 2024
Tracked Since
Feb 18, 2026