CVE-2024-5829
LOWsmallweigit Avue <3.4.4 - XSS
Title source: llmDescription
A vulnerability classified as problematic was found in smallweigit Avue up to 3.4.4. Affected by this vulnerability is an unknown functionality of the component avueUeditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-267895. NOTE: The code maintainer explains, that "rich text is no longer maintained".
Exploits (1)
gitee
5,381 stars
by smallweigit · javascriptwriteup
https://gitee.com/smallweigit/avue/issues/I9UQ4Q
Scores
CVSS v3
3.5
EPSS
0.0020
EPSS Percentile
41.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Classification
CWE
CWE-79
Status
draft
Timeline
Published
Jun 11, 2024
Tracked Since
Feb 18, 2026