CVE-2024-47885

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Oct 14, 2024

Updated: Oct 15, 2024

CWE ID 79

Summary

CVE-2024-47885 is a DOM Clobbering vulnerability affecting the Astro web framework. In versions 3.0.0 and earlier than 4.16.1, Astro's client-side router contains this issue. Attackers can leverage this vulnerability to inject cross-site scripting (XSS) code in websites utilizing Astro's client-side routing and storing user-inserted scriptless HTML elements, particularly `iframe` tags with unsanitized `name` attributes, on their pages. This can result in XSS attacks that can manipulate user interactions and steal sensitive information. Version 4.16.1 includes a patch to resolve this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/zNOQt9
https://www.cve.org/CVERecord?id=CVE-2024-47885
https://nvd.nist.gov/vuln/detail/CVE-2024-47885

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-47885

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations