What the vulnerability does

01Description

govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page.

Key dates

02Disclosure timeline

January 4, 2024 CVE published
November 29, 2025 Record updated