Strix
26.1K

CVE-2024-23189

MEDIUMCVSS 5.4/10EPSS 0.53%

Last modified

CVE-2024-23189 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the users account, access to another account within the same context or an successful social engineering attack to make users import external content. EPSS estimates a 0.53% chance of exploitation in the next 30 days.

Description

Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the users account, access to another account within the same context or an successful social engineering attack to make users import external content. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Sanitization of user-generated content has been improved. No publicly available exploits are known.

Metrics

CVSS 3.1
5.4/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS Probability
0.53%

40.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

References

Timeline

Published
Last Modified
Status
Deferred

Frequently Asked Questions

What is CVE-2024-23189?
Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the users account, access to another account within the same context or an successful social engineering attack to make users import external content. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. Sanitization of user-generated content has been improved. No publicly available exploits are known.
How severe is CVE-2024-23189?
CVE-2024-23189 has a CVSS score of 5.4/10 (MEDIUM severity). The EPSS model estimates a 0.53% probability of exploitation in the next 30 days.
How do I fix CVE-2024-23189?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-23189?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST