CVE-2024-47885

MEDIUM Year: 2024
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting (XSS) in websites enables Astro's client-side routing and has *stored* attacker-controlled scriptless HTML elements (i.e., `iframe` tags with unsanitized `name` attributes) on the destination pages. This vulnerability can result in cross-site scripting (XSS) attacks on websites that built with Astro that enable the client-side routing with `ViewTransitions` and store the user-inserted scriptless HTML tags without properly sanitizing the `name` attributes on the page. Version 4.16.1 contains a patch for this issue.

Related Vulnerabilities

CVE-2018-6682

MEDIUM
CVSS:5.9(Medium)

Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.

CWE-792018

CVE-2019-14415

MEDIUM
CVSS:5.9(Medium)

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another u...

CWE-792019

CVE-2019-7000

MEDIUM
CVSS:5.9(Medium)

A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencin...

CWE-792019

CVE-2020-13407

MEDIUM
CVSS:5.9(Medium)

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or a...

CWE-792020

CVE-2020-13408

MEDIUM
CVSS:5.9(Medium)

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or a...

CWE-792020

CVE-2020-13409

MEDIUM
CVSS:5.9(Medium)

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or a...

CWE-792020