CVE-2024-47090 MEDIUM

CVE-2024-47090: XSS via WYSIWYG editor

Vendor Nagvis

Product Nagvis

Weakness CWE-79 · XSS

Published May 27, 2025

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS

Key dates

02Disclosure timeline

May 27, 2025 CVE published

November 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-47090 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2011-10038 Nagios XI < 2011R1.9 XSS via Recurring Downtime Script CVE-2024-8325 Gutenberg Page Builder Blocks & Ready-Made Patterns Library <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-23905 WordPress Admin Options Pages plugin <= 0.9.7 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-23834 Discourse improperly sanitized user input leads to XSS CVE-2025-12537 Addon Elements for Elementor <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting