CVE-2024-47817 MEDIUM

CVE-2024-47817: Unvalidated paragraph widget values can be used for Cross-site Scripting in lara-zeus

Vendor Lara-Zeus
Product dynamic-dashboard
Weakness CWE-79 · XSS
Published October 7, 2024
Last update October 8, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Lara-zeus Dynamic Dashboard is a simple way to manage widgets for your website landing page and Filament dashboard, and Lara-zeus Artemis is a collection of themes for the lara-zeus ecosystem. If values passed to a paragraph widget are not valid and contain a specific set of characters, applications are vulnerable to an XSS attack against any user who opens a page on which a paragraph widget is rendered. Users are advised to upgrade to the appropriate fix versions detailed in the advisory metadata. There are no known workarounds for this vulnerability.

Key dates

02 Disclosure timeline

October 7, 2024 CVE published
October 8, 2024 Record updated