CVSS 3.1 Score 7.1 of 10 (high)


Published Apr 17, 2024


CVE-2024-32463 is a vulnerability in the open source framework called phlex, used for building object-oriented views in Ruby. The vulnerability is a cross-site scripting (XSS) issue that can be exploited through maliciously crafted user data. It allows the bypassing of the filter that detects and prevents the use of the javascript: URL scheme in the href attribute of an <a> tag by using tab \t or newline \n characters between the characters of the protocol. This vulnerability has been fixed in versions 1.10.1, 1.9.2, 1.8.3, 1.7.2, 1.6.3, 1.5.3, and 1.4.2 of phlex by configuring a Content Security Policy that disallows unsafe-inline. The potential danger to organizations is relatively high as it can lead to unauthorized execution of scripts on users' browsers and potentially compromise sensitive information.
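The filter bypass described above, shown as an added Ruby example (this is not Phlex's source code; the method names and sample values are hypothetical and constructed for illustration). It puts a check that inspects the raw href value beside one that first normalises the value the way a browser's URL parser does, which drops every ASCII tab, line feed and carriage return and trims leading control characters and spaces; the leading-whitespace case goes slightly beyond the tab/newline case the advisory names.

```ruby
# Added example, not Phlex's implementation. Method names are hypothetical.

# Weak form: compares the raw attribute value against the scheme prefix,
# so any tab or newline placed inside "javascript" hides the scheme.
def naive_unsafe_href?(value)
  value.to_s.downcase.start_with?("javascript:")
end

# Hardened form: normalise first, then compare. Browsers remove ASCII tab,
# LF and CR from anywhere in a URL and strip leading C0 controls and spaces
# before parsing the scheme, so the filter has to do the same.
def hardened_unsafe_href?(value)
  normalized = value.to_s
                    .delete("\t\n\r")
                    .sub(/\A[\x00-\x20]+/, "")
                    .downcase
  normalized.start_with?("javascript:")
end

# Constructed sample href values (not taken from the advisory).
SAMPLE_HREFS = [
  "https://example.com/?q=javascript:",  # scheme is https, harmless
  "/docs/java\tscript",                  # relative path, harmless
  "javascript:alert(1)",                 # plain form, both checks catch it
  "java\tscript:alert(1)",               # tab inside the scheme
  "java\nscript:alert(1)",               # newline inside the scheme
  " \tJavaScript:alert(1)"               # leading whitespace, mixed case
].freeze

# Returns { href => [naive_verdict, hardened_verdict] } for each sample.
def audit_hrefs(hrefs)
  hrefs.to_h { |h| [h, [naive_unsafe_href?(h), hardened_unsafe_href?(h)]] }
end

if __FILE__ == $PROGRAM_NAME
  audit_hrefs(SAMPLE_HREFS).each do |href, (naive, hardened)|
    puts format("%-40s naive=%-5s hardened=%s", href.inspect, naive, hardened)
  end
end
```

Any value where the two verdicts differ is one the weak check would have let through to the rendered href attribute.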
