CVE-2024-53864

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-53864
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53864.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-53864
Aliases
Published
2024-11-29T19:15:09Z
Modified
2025-01-08T02:47:21Z
Summary
[none]
Details

Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, any existing injected XSS will not run. This issue has been patched in version 4.6.14. All users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/ibexa/admin-ui

Affected ranges

Type
GIT
Repo
https://github.com/ibexa/admin-ui
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed