CVSS 3.1 Score 6.1 of 10 (medium)


Published Mar 21, 2024


CVE-2024-27290 is a vulnerability in Docassemble, an expert system for guided interviews and document assembly. Users can enter HTML, including in the user's name field, and that input is then displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the master branch. Its base severity is medium, with a CVSS:3.1 base score of 6.1. The integrity and confidentiality impacts are low, and exploitation requires user interaction over a network. The exploitability score is 2.8 out of 10, indicating a moderate level of difficulty for exploitation. For organizations, the danger is cross-site scripting (CWE-79): attackers could inject malicious code into websites and potentially compromise user data or perform unauthorized actions on behalf of the user.
