How severe is CVE-2024-52300?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9 out of 10.

What type of vulnerability is CVE-2024-52300?

This is classified as CWE-80, which is a common weakness in software security.

CVE-2024-52300

CRITICAL Year: 2024

CVSS v3 Score

9.0

Critical

Weakness Type

CWE-80

View all →

Vulnerability Description

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6.

CVE-2021-27915

CRITICAL

CVSS:9.0(Critical)

Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissi...

CWE-802021

CVE-2022-25620

CRITICAL

CVSS:9.0(Critical)

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitr...

CWE-802022

CVE-2022-21145

CRITICAL

CVSS:9.1(Critical)

A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code in...

CWE-802022

CVE-2022-28703

CRITICAL

CVSS:9.1(Critical)

A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrar...

CWE-802022

CVE-2019-13923

CRITICAL

CVSS:9.6(Critical)

A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks...

CWE-802019

CVE-2020-13562

CRITICAL

CVSS:9.6(Critical)

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a craft...

CWE-802020

CVE-2024-52300

Vulnerability Description

Related Vulnerabilities

CVE-2021-27915

CVE-2022-25620

CVE-2022-21145

CVE-2022-28703

CVE-2019-13923

CVE-2020-13562