CVE-2024-33670 MEDIUM

Vendor N/A
Product n/a
Published April 26, 2024
Last update August 2, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact the appearance and user interaction of the page.

Key dates

02 Disclosure timeline

April 26, 2024 CVE published
August 2, 2024 Record updated