CVE-2024-45299

CVSS v3 Score: 6.5 (Medium)

Vulnerability Description

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, the preloaded JSON data is not escaped correctly, so an administrator or event admin could break their own install by inserting incorrectly escaped text. The administrator or event administrator can override the texts for customization purposes, and these texts are not properly escaped. The Content-Security-Policy directive blocks any potential script execution. Version 2.0-M5 fixes this issue.

CVSS:6.5(Medium)

The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter.

CVSS:6.5(Medium)

A spoofing vulnerability that could allow a security feature bypass exists when Azure DevOps Server does not properly sanitize user-provided input, aka 'Azure DevOps Server Spoofing Vulnerability'.

CVSS:6.5(Medium)

An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint S...

CVSS:6.5(Medium)

An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, ...

CVSS:6.5(Medium)

BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With th...

CVSS:6.5(Medium)

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly oc...