CVE-2024-38379

MEDIUM Year: 2024
CVSS v3 Score
4.8
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users are recommended to upgrade to version 1.17.1, which fixes the issue.

Related Vulnerabilities

CVE-2004-1865

MEDIUM
CVSS:4.8(Medium)

Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name (...

CWE-792004

CVE-2010-2472

MEDIUM
CVSS:4.8(Medium)

Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which co...

CWE-792010

CVE-2011-3352

MEDIUM
CVSS:4.8(Medium)

Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula admi...

CWE-792011

CVE-2012-1637

MEDIUM
CVSS:4.8(Medium)

Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal.

CWE-792012

CVE-2012-1932

MEDIUM
CVSS:4.8(Medium)

A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting.

CWE-792012

CVE-2012-2078

MEDIUM
CVSS:4.8(Medium)

Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.

CWE-792012