CVE-2024-52271

HIGH EXPLOITED

Documenso <1.8.0 - Content Spoofing

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-52271 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects Documenso: through 1.8.0, >1.8.0 and Documenso SaaS (Hosted) as of 2024-12-05.

References (4)

Core 4
Core References
Various Sources vdb-entry
https://www.vulsec.org/advisories
Various Sources product
https://github.com/documenso/documenso
Various Sources product
https://www.documenso.com/

Scores

CVSS v4 8.2
EPSS 0.0020
EPSS Percentile 10.4%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/U:Red

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2024-12-05
CWE
CWE-451
Status published
Products (4)
Documenso/Documenso < 1.8.0
Documenso/Documenso >1.8.0
Documenso/Documenso SaaS (Hosted) < 2024-12-05
Documenso/Documenso SaaS (Hosted) 2024-12-05
Published Dec 05, 2024
Tracked Since Feb 18, 2026