CVE-2024-52277
HIGH EXPLOITEDDocuSeal <= 1.8.1 - Content Spoofing via Layered Document Rendering
Title source: llmExploitation Summary
CVE-2024-52277 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DocuSeal: through 1.8.1, >1.8.1.
References (4)
Core 4
Core References
Various Sources vdb-entry
https://www.vulsec.org/advisories
Various Sources product
https://docuseal.com/
Various Sources product
https://docuseal.eu/
Scores
CVSS v4
8.2
EPSS
0.0020
EPSS Percentile
10.4%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/U:Red
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
VulnCheck KEV
2024-12-05
CWE
CWE-451
Status
published
Products (2)
DocuSeal/DocuSeal
< 1.8.1
DocuSeal/DocuSeal
>1.8.1
Published
Dec 04, 2024
Tracked Since
Feb 18, 2026