How severe is CVE-2024-3166?

This vulnerability has a severity rating of LOW with a CVSS score of 3.4 out of 10.

What type of vulnerability is CVE-2024-3166?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-3166 - LOW Severity | CVSS 3.4

Vulnerability Description

A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces, which can be exploited to execute arbitrary JavaScript code. In the desktop application, this flaw can be escalated to Remote Code Execution (RCE) due to insecure application settings, specifically the enabling of 'nodeIntegration' and the disabling of 'contextIsolation' in Electron's webPreferences. The issue has been addressed in version 1.4.2 of the desktop application.

Related Vulnerabilities

CVE-2022-4067

LOW

CVSS:3.4(Low)

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.

CWE-792022

CVE-2022-4069

LOW

CVSS:3.4(Low)

Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.

CWE-792022

CVE-2023-1237

LOW

CVSS:3.4(Low)

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

CWE-792023

CVE-2023-25840

LOW

CVSS:3.4(Low)

There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but co...

CWE-792023

CVE-2023-36016

LOW

CVSS:3.4(Low)

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CWE-792023

CVE-2024-2171

LOW

CVSS:3.4(Low)

A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacke...

CWE-792024