CVE-2024-47817

Summary

Lara-zeus Dynamic Dashboard simple way to manage widgets for your website landing page, and filament dashboard and Lara-zeus artemis is a collection of themes for the lara-zeus ecosystem. If values passed to a paragraph widget are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a paragraph widget is rendered. Users are advised to upgrade to the appropriate fix versions detailed in the advisory metadata. There are no known workarounds for this vulnerability.

Affected Software

VendorProductVersion RangeStatus
lara-zeusdynamic-dashboardlara-zeus/dynamic-dashboard: >= 3.0.0, < 3.0.2affected
lara-zeusdynamic-dashboardlara-zeus/artemis: >= 1.0.0, < 1.0.7affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References