How severe is CVE-2024-55652?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-55652?

This is classified as CWE-1336, which is a common weakness in software security.

CVE-2024-55652 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the contents of the template document is able to execute arbitrary code on the system. By default, only users with the `admin` role are able to create or update templates. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 patches the issue.

Related Vulnerabilities

CVE-2023-41047

MEDIUM

CVSS:6.5(Medium)

OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that wi...

CWE-13362023

CVE-2023-47542

MEDIUM

CVSS:6.7(Medium)

A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute u...

CWE-13362023

CVE-2024-25624

MEDIUM

CVSS:6.8(Medium)

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in `iris-web...

CWE-13362024

CVE-2024-39766

HIGH

CVSS:7.0(High)

Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of priv...

CWE-13362024

CVE-2022-0896

HIGH

CVSS:7.1(High)

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.

CWE-13362022

CVE-2024-34710

HIGH

CVSS:7.1(High)

Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute...

CWE-13362024