CVE-2024-27290 – docassemble-webapp
Package
Manager: pip
Name: docassemble-webapp
Vulnerable Version: =0.3.10 || =0.3.11 || =0.3.12 || =0.3.13 || =0.3.14 || =0.3.15 || =0.3.16 || =0.3.17 || =0.3.18 || =0.3.19 || =0.3.2 || =0.3.20 || =0.3.21 || =0.3.22 || =0.3.23 || =0.3.24 || =0.3.25 || =0.3.26 || =0.3.27 || =0.3.28 || =0.3.29 || =0.3.3 || =0.3.30 || =0.3.31 || =0.3.32 || =0.3.33 || =0.3.34 || =0.3.35 || =0.3.36 || =0.3.4 || =0.3.5 || =0.3.6 || =0.3.7 || =0.3.8 || =0.3.9 || =0.4.0 || =0.4.1 || =0.4.10 || =0.4.11 || =0.4.12 || =0.4.13 || =0.4.14 || =0.4.15 || =0.4.16 || =0.4.17 || =0.4.18 || =0.4.19 || =0.4.2 || =0.4.20 || =0.4.21 || =0.4.22 || =0.4.23 || =0.4.24 || =0.4.25 || =0.4.26 || =0.4.27 || =0.4.28 || =0.4.29 || =0.4.3 || =0.4.30 || =0.4.31 || =0.4.32 || =0.4.33 || =0.4.34 || =0.4.35 || =0.4.36 || =0.4.37 || =0.4.38 || =0.4.39 || =0.4.4 || =0.4.40 || =0.4.41 || =0.4.42 || =0.4.43 || =0.4.44 || =0.4.45 || =0.4.46 || =0.4.47 || =0.4.48 || =0.4.49 || =0.4.5 || =0.4.50 || =0.4.51 || =0.4.52 || =0.4.53 || =0.4.54 || =0.4.55 || =0.4.56 || =0.4.57 || =0.4.58 || =0.4.59 || =0.4.6 || =0.4.60 || =0.4.61 || =0.4.62 || =0.4.63 || =0.4.64 || =0.4.65 || =0.4.66 || =0.4.67 || =0.4.68 || =0.4.69 || =0.4.7 || =0.4.70 || =0.4.71 || =0.4.72 || =0.4.73 || =0.4.74 || =0.4.75 || =0.4.76 || =0.4.77 || =0.4.78 || =0.4.79 || =0.4.8 || =0.4.80 || =0.4.9 || =0.5.0 || =0.5.1 || =0.5.10 || =0.5.100 || =0.5.101 || =0.5.102 || =0.5.103 || =0.5.104 || =0.5.105 || =0.5.106 || =0.5.107 || =0.5.108 || =0.5.109 || =0.5.11 || =0.5.110 || =0.5.111 || =0.5.12 || =0.5.13 || =0.5.14 || =0.5.15 || =0.5.16 || =0.5.17 || =0.5.18 || =0.5.19 || =0.5.2 || =0.5.20 || =0.5.21 || =0.5.22 || =0.5.23 || =0.5.24 || =0.5.25 || =0.5.26 || =0.5.27 || =0.5.28 || =0.5.29 || =0.5.3 || =0.5.30 || =0.5.31 || =0.5.32 || =0.5.33 || =0.5.34 || =0.5.35 || =0.5.36 || =0.5.37 || =0.5.38 || =0.5.39 || =0.5.4 || =0.5.40 || =0.5.41 || =0.5.42 || =0.5.43 || =0.5.44 || =0.5.45 || =0.5.46 || =0.5.47 || =0.5.48 || =0.5.49 || =0.5.5 || =0.5.50 || =0.5.51 || =0.5.52 || =0.5.53 || =0.5.54 || =0.5.55 || =0.5.56 || 
=0.5.57 || =0.5.58 || =0.5.59 || =0.5.6 || =0.5.60 || =0.5.61 || =0.5.62 || =0.5.63 || =0.5.64 || =0.5.65 || =0.5.66 || =0.5.67 || =0.5.68 || =0.5.69 || =0.5.7 || =0.5.70 || =0.5.71 || =0.5.72 || =0.5.73 || =0.5.74 || =0.5.75 || =0.5.76 || =0.5.77 || =0.5.78 || =0.5.79 || =0.5.8 || =0.5.80 || =0.5.81 || =0.5.82 || =0.5.83 || =0.5.84 || =0.5.85 || =0.5.86 || =0.5.87 || =0.5.88 || =0.5.89 || =0.5.9 || =0.5.90 || =0.5.91 || =0.5.92 || =0.5.93 || =0.5.94 || =0.5.95 || =0.5.96 || =0.5.97 || =0.5.98 || =0.5.99 || =1.0.0 || =1.0.1 || =1.0.10 || =1.0.11 || =1.0.12 || =1.0.13 || =1.0.14 || =1.0.15 || =1.0.2 || =1.0.3 || =1.0.4 || =1.0.5 || =1.0.6 || =1.0.7 || =1.0.8 || =1.0.9 || =1.1.1 || =1.1.10 || =1.1.100 || =1.1.101 || =1.1.102 || =1.1.103 || =1.1.104 || =1.1.105 || =1.1.106 || =1.1.107 || =1.1.108 || =1.1.109 || =1.1.11 || =1.1.110 || =1.1.111 || =1.1.112 || =1.1.113 || =1.1.12 || =1.1.13 || =1.1.14 || =1.1.15 || =1.1.16 || =1.1.17 || =1.1.18 || =1.1.19 || =1.1.2 || =1.1.20 || =1.1.21 || =1.1.22 || =1.1.23 || =1.1.24 || =1.1.25 || =1.1.26 || =1.1.27 || =1.1.28 || =1.1.29 || =1.1.3 || =1.1.30 || =1.1.31 || =1.1.32 || =1.1.33 || =1.1.34 || =1.1.35 || =1.1.36 || =1.1.37 || =1.1.38 || =1.1.39 || =1.1.4 || =1.1.40 || =1.1.41 || =1.1.42 || =1.1.43 || =1.1.44 || =1.1.45 || =1.1.46 || =1.1.47 || =1.1.48 || =1.1.49 || =1.1.5 || =1.1.50 || =1.1.51 || =1.1.52 || =1.1.53 || =1.1.54 || =1.1.55 || =1.1.56 || =1.1.57 || =1.1.58 || =1.1.59 || =1.1.6 || =1.1.60 || =1.1.61 || =1.1.62 || =1.1.63 || =1.1.64 || =1.1.65 || =1.1.66 || =1.1.67 || =1.1.68 || =1.1.69 || =1.1.7 || =1.1.70 || =1.1.71 || =1.1.72 || =1.1.73 || =1.1.74 || =1.1.75 || =1.1.76 || =1.1.77 || =1.1.78 || =1.1.79 || =1.1.8 || =1.1.80 || =1.1.81 || =1.1.82 || =1.1.83 || =1.1.84 || =1.1.85 || =1.1.86 || =1.1.87 || =1.1.88 || =1.1.89 || =1.1.9 || =1.1.90 || =1.1.91 || =1.1.92 || =1.1.93 || =1.1.94 || =1.1.95 || =1.1.96 || =1.1.97 || =1.1.98 || =1.1.99 || =1.2.0 || =1.2.1 || =1.2.10 || =1.2.100 || =1.2.101 || =1.2.102 || 
=1.2.103 || =1.2.104 || =1.2.105 || =1.2.106 || =1.2.107 || =1.2.108 || =1.2.109 || =1.2.11 || =1.2.12 || =1.2.13 || =1.2.14 || =1.2.15 || =1.2.16 || =1.2.17 || =1.2.18 || =1.2.19 || =1.2.2 || =1.2.20 || =1.2.21 || =1.2.22 || =1.2.23 || =1.2.24 || =1.2.25 || =1.2.26 || =1.2.27 || =1.2.28 || =1.2.29 || =1.2.3 || =1.2.30 || =1.2.31 || =1.2.32 || =1.2.33 || =1.2.34 || =1.2.35 || =1.2.36 || =1.2.37 || =1.2.38 || =1.2.39 || =1.2.4 || =1.2.40 || =1.2.41 || =1.2.42 || =1.2.43 || =1.2.44 || =1.2.45 || =1.2.46 || =1.2.47 || =1.2.48 || =1.2.49 || =1.2.5 || =1.2.50 || =1.2.51 || =1.2.52 || =1.2.53 || =1.2.54 || =1.2.55 || =1.2.56 || =1.2.57 || =1.2.58 || =1.2.59 || =1.2.6 || =1.2.60 || =1.2.61 || =1.2.62 || =1.2.63 || =1.2.64 || =1.2.65 || =1.2.66 || =1.2.67 || =1.2.68 || =1.2.69 || =1.2.7 || =1.2.70 || =1.2.71 || =1.2.72 || =1.2.73 || =1.2.74 || =1.2.75 || =1.2.76 || =1.2.77 || =1.2.78 || =1.2.79 || =1.2.8 || =1.2.80 || =1.2.81 || =1.2.82 || =1.2.83 || =1.2.84 || =1.2.85 || =1.2.86 || =1.2.87 || =1.2.88 || =1.2.89 || =1.2.9 || =1.2.90 || =1.2.91 || =1.2.92 || =1.2.93 || =1.2.94 || =1.2.95 || =1.2.96 || =1.2.97 || =1.2.98 || =1.2.99 || =1.3.1 || =1.3.10 || =1.3.11 || =1.3.12 || =1.3.13 || =1.3.14 || =1.3.15 || =1.3.16 || =1.3.17 || =1.3.18 || =1.3.19 || =1.3.2 || =1.3.20 || =1.3.21 || =1.3.22 || =1.3.23 || =1.3.24 || =1.3.25 || =1.3.26 || =1.3.27 || =1.3.28 || =1.3.29 || =1.3.3 || =1.3.30 || =1.3.31 || =1.3.32 || =1.3.33 || =1.3.34 || =1.3.35 || =1.3.36 || =1.3.37 || =1.3.38 || =1.3.39 || =1.3.4 || =1.3.40 || =1.3.41 || =1.3.42 || =1.3.43 || =1.3.44 || =1.3.45 || =1.3.46 || =1.3.47 || =1.3.48 || =1.3.49 || =1.3.5 || =1.3.50 || =1.3.51 || =1.3.52 || =1.3.6 || =1.3.7 || =1.3.8 || =1.3.9 || =1.4.0 || =1.4.1 || =1.4.10 || =1.4.11 || =1.4.12 || =1.4.13 || =1.4.14 || =1.4.15 || =1.4.16 || =1.4.17 || =1.4.18 || =1.4.19 || =1.4.2 || =1.4.20 || =1.4.21 || =1.4.22 || =1.4.23 || =1.4.24 || =1.4.25 || =1.4.26 || =1.4.27 || =1.4.28 || =1.4.29 || =1.4.3 || =1.4.30 || =1.4.31 || =1.4.32 || 
=1.4.33 || =1.4.34 || =1.4.35 || =1.4.36 || =1.4.37 || =1.4.38 || =1.4.39 || =1.4.4 || =1.4.40 || =1.4.41 || =1.4.42 || =1.4.43 || =1.4.44 || =1.4.45 || =1.4.46 || =1.4.47 || =1.4.48 || =1.4.49 || =1.4.5 || =1.4.50 || =1.4.51 || =1.4.52 || =1.4.53 || =1.4.54 || =1.4.55 || =1.4.56 || =1.4.57 || =1.4.58 || =1.4.59 || =1.4.6 || =1.4.60 || =1.4.61 || =1.4.62 || =1.4.63 || =1.4.64 || =1.4.65 || =1.4.66 || =1.4.67 || =1.4.68 || =1.4.69 || =1.4.7 || =1.4.70 || =1.4.71 || =1.4.72 || =1.4.73 || =1.4.74 || =1.4.75 || =1.4.76 || =1.4.77 || =1.4.78 || =1.4.79 || =1.4.8 || =1.4.80 || =1.4.81 || =1.4.82 || =1.4.83 || =1.4.84 || =1.4.85 || =1.4.86 || =1.4.87 || =1.4.88 || =1.4.89 || =1.4.9 || =1.4.90 || =1.4.91 || =1.4.92 || =1.4.93 || =1.4.94 || =1.4.95 || =1.4.96 || >=0 <1.4.97
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00205 (percentile 0.42816)
Details
Docassemble HTML and JavaScript injection

### Impact
A user could type HTML into a field, including the field for the user's name, and that HTML could then be displayed on the screen as HTML. The HTML can also contain `<script>` tags, allowing JavaScript to execute on the page.

### Patches
The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched.

### Workarounds
If upgrading is not possible, manually apply the changes of [4801ac7](https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa) and restart the server (e.g., by pressing Save on the Configuration screen).

### Credit
The vulnerability was discovered by Riyush Ghimire (@richighimi).

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [docassemble](https://github.com/jhpyle/docassemble/issues)
* Join the [Slack channel](https://join.slack.com/t/docassemble/shared_invite/zt-2cspzjo9j-YyE7SrLmi5muAvnPv~Bz~A)
* Email us at jhpyle@gmail.com
Metadata
Created: 2024-02-29T22:14:49Z
Modified: 2024-03-21T18:31:05.509250Z
Source: https://osv-vulnerabilities
CWE IDs: ["CWE-79"]
Alternative ID: N/A
Finding: F425
Auto approve: 1