CVE-2024-34006

Summary

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.

Affected Software

VendorProductVersion RangeStatus
4.0 <= 4.3.3affected
4.2 <= 4.2.6affected
4.1 <= 4.1.9affected

Weaknesses

  • CWE-838: CWE-838 Inappropriate Encoding for Output Context

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References